In breaking news, a group of underground hackers have managed to steal an estimated $150 000 worth of various Cryptocurrencies through a rather ingenious manipulation of DNS settings. The hackers in question managed to reroute the DNS location of the Cryptocurrency exchange sites that the users were initially obtaining to their site and therefore the users transacted on the scammers site without being any wiser, which has ultimately led to many people’s bank accounts being worse for wear this evening.
My Ether Wallet Was Targeted
The site that the users were originally attempting to make use of is none other than MyEtherWallet, or MEW, for those of you that are unaware MEW happens to be one of the most popular Cryptocurrency wallets available today. MEW itself was not attacked and was not the actual target of the hackers either, rather the servers in it were. The hackers accessed the DNS addresses on the servers of MEW and managed to reroute the DNS address to their own website. This is how users were able to be conned so seamlessly, as for all extents and purposes they were completely unaware that there was a difference to their usual experience.
The hacking of the MEW servers appears to have taken place during 7am and 9am ET yesterday or between 11am and 1pm UTC. MEW spokespeople have stated that the vast majority of individuals who were affected by the scam were using Google DNS servers. It appears that the users who were affected were given a notification of an SSL error or warning due to possible danger and then they chose to ignore or close the notification, which ultimately has led to this predicament.
Certain sites such as Coindesk have given the figures lost as $152 000 worth of Ether, however other sites such as TechCrunch have stated that the figure could be considerably higher, possibly in the region of $365 000. The main issue with this hack in general, is that the hackers did not trigger any security measures that MEW has in place and therefore it is impossible to know the full scope of the attack, or even if it could happen again.
However, was My Ether Wallet truly the target
Others believe that it was not Google’s DNS settings but rather Amazon’s internet domain services that were the real target of this hack. This particular statement is being propagated by Kevin Beaumont, who has noted how the hackers spent a minimum of two hours rerouting all DNS traffic.
Many have noted how this particular scam shows just how truly vulnerable the current setup of the internet is, noting that although today only MEW was the target, however, it could very easily be more powerful or meaningful sites such as financial institutions that could be targeted next.
MEW has urged all users to ignore any and all posts on sites such as Reddit, online forums or any social media posts that claim to be offering a return for any Cryptocurrency lost due to this particular scam. MEW has not yet stated if they plan on returning any of the money lost during this scam or are planning to help any of its users at the time this was written.