My Theories on the MEW Wallet Phishing Scam

HodlX Guest Blog  Submit Your Post

At approximately 12:00pm UTC on the 24th April 2018 a number of Domain Name System registration servers for www.myetherwallet.com were hijacked and users were redirected to a phishing site. It should be noted that users would have had to click to ignore an SSL (Secure Sockets Layer) warning.

Reports quickly surfaced of a potential wallet address being used in the attack to move funds between different addresses.

The wallet: https://etherscan.io/address/0xb3aaaae47070264f3595c5032ee94b620a583a39 has a balance of approximately $15.5m at the time of writing. This wallet has a 5 month history of complaints regarding scams and hacks (sort comments by oldest)

(https://etherscan.io/address/0xb3aaaae47070264f3595c5032ee94b620a583a39#comments)

Scams including Indahash and a Fake Telegram ICO were apparently run through this wallet. The wallet never seems to interact directly with exchanges it just holds amounts with a lot of traffic in and out giving the impression to some it could be an exchanges wallet.

One of the wallets linked with this address is:

https://etherscan.io/address/0x3db3c9258f12762eb8a5689096d3783a2863f888

This address was receiving funds from the alledged hackers address above up until around 2 hours ago when it was cleared out. I was in contact with Binance regarding this address being linked around the time the transfers stopped. Balances were coming in and then transferred to the Binance wallet within minutes.

There are also other wallets linked with the main address in question like this one:

https://etherscan.io/address/0xf203a3b241decafd4bdebbb557070db337d0ad27

This address has been reported as being linked with the mewdns phishing hack. The funds from this wallet were sent to https://etherscan.io/address/0x39683abdba389bad9d39fadb82a45bc56244133f and then back to the main address in question to be transferred to a wallet that hasn’t been reported and onto the Binance exchange.

There is a linked wallet that is currently building a balance and I’d bet a pretty penny that it’s also involved waiting to be sent out to an exchange. The address is:

https://etherscan.io/address/0x51f332bd2e8a8a0e94ead05425efd35fe0e8434c

There are no comments and no reports regarding it’s involvement in the phishing hack (yet).

There are however multiple comments on a lot of the linked addresses of users effectively begging a hacker to send them stolen ETH. Give your head a wobble people and to everyone else stay safe and practice safe CEX.

Join us on Telegram            Follow us on Twitter

Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any loses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.