MyEtherWallet – a popular wallet generator for Ethereum and Ethereum-based tokens – has confirmed it was hacked early this morning.
According to the blockchain explorer Etherscan.io, more than $150,000 in stolen crypto has now moved through the attacker’s wallet address.
The company says a well-known hacking technique was used to hijack Google Domain Name System registration servers at about 7:15 a.m. EST. This allowed the attacker to redirect myetherwallet.com to a phishing site.
Couple of DNS servers were hijacked to resolve https://t.co/xwxRJ4H4i8 users to be redirected to a phishing site. This is not on @myetherwallet side, we are in the process of verifying which servers to get it resolved asap.
— MyEtherWallet | MEW (@myetherwallet) April 24, 2018
The company sent an alert out to users soon after the attack and now says the website is working properly.
How to Avoid Phishing Scams
Phishing sites are essentially fake, imitation websites designed to look identical to the real thing. Once you log on and enter your information (i.e. passwords, private keys), the thieves have everything they need to steal your funds.
To stay safe, the best thing to do is always double check and make sure you have entered the URL correctly into the address bar. Always look for the green SSL Certificate next to the address.
On cryptocurrency exchanges it’s also important to enable some form of 2-factor authentication like Google Authenticator. However, this feature is not available on MyEtherWallet.
After today’s hack, MyEtherWallet put out a link to its own guide on how to stay safe on the platform. You can check that out here.
Update: A HodlX contributor follows the trail of the stolen crypto.
[Snippet1]
