A hacker managed to phish cryptocurrency holders on Tuesday morning by briefly hijacking MyEtherWallet.com's Internet traffic.
For approximately two hours, the hacker rerouted traffic from the cryptocurrency wallet provider to a look-alike version of the site. The fraudulent site secretly channeled any deposit in the virtual currency Ether to a hacker-controlled address.
Unfortunately, dozens of people may have fallen for the scheme. The hacker-controlled address shows that it received approximately 180 transactions during the incident, before transferring 215 in Ether (approximately $151,000) to a separate wallet.
UK-based security researcher Kevin Beaumont noticed the attack and said the culprit was hosting the fake MyEtherWallet site on a server in Russia. The hacker also seems to be quite rich, controlling a wallet containing $17 million in Ether.
To carry out the phishing scheme, the hacker exploited the Domain Name System (DNS), or how the network routes traffic. DNS essentially acts as the Internet's telephone directory, translating domain names into IP addresses so that your computer can visit a website.
It is not clear how the hacker manipulated DNS traffic. But Beaumont said in his blog post that it involved redirecting traffic to Amazon's Internet infrastructure, which is used by many important websites.
MyEtherWallet confirmed the incident, but insisted that "it was not due to a lack of security on the @myetherwallet platform." Instead, it blamed "a piracy technique a decade ago [whereby] hackers find … vulnerabilities in public DNS servers."
"Most of the affected users used Google DNS servers, we recommend all our users to switch to Cloudflare DNS servers in the meantime," according to MyEtherWallet, which also urged people to "ignore any tweet, reddit posts or messages of any kind that purport to give or reimburse ETH on behalf of MEW (MyEtherWallet)."
People who visited the hacker's MyEtherWallet page during the incident would have seen a pop-up window in their browser, warning them that the site was using an untrusted digital certificate. However, users may have ignored the alert, not realizing that it meant the site was fake.
But perhaps the biggest concern is whether the hacker can repeat the hijacking. In his blog post, Beaumont said no one noticed the attack until after it was stopped, and that other sites could also have been attacked.