Popular crypto wallet MEW hit by DNS attack that drained some users’ accounts
There is concern, tears and lost money in the world of crypto once again after MyEtherWallet (MEW), one of the most popular wallets on the internet, was hit by a DNS hack that saw some users lose their cryptocurrency.
MEW said in a statement that “a couple of Domain Name System registration servers were hijacked around 12PM UTC 24 April to redirect users to a phishing site.” Not all visitors to the site during the hijack were impacted, but MEW said that “a majority” of those who were had been using Google’s DNS.
“We are currently in the process of verifying which servers were targeted to help resolve this issue as soon as possible,” the company added, confirming that it has since secured its website. The company recommends those who had used Google DNS to switch to Cloudflare’s.
Wikipedia, country-specific versions of Microsoft, Google and PayPal and even banks have been hit by similar attacks before.
An incident like this doesn’t compromise the site directly, but, in the case of MEW, it led some users of the service to insecure websites that aren’t MEW. From there, those who entered private key information without realizing they had been phished risked having their data snagged by the attackers on the other side. With that information, the attackers could gain access to their account and drain its contents. (Note: This is a very good reason why people are advised to never enter private keys manually, and why secure hardware is highly recommended.)
It’s hard to quantify the impact of an attack like this because MEW is such a well-used and trusted service, while MEW said it is still gathering information on exactly what happened.
Coindesk reports that $150,000,...