My Theories on the MEW Wallet Phishing Scam
At approximately 12:00pm UTC on the 24th April 2018, a number of Domain Name System registration servers for www.myetherwallet.com were hijacked and users were redirected to a phishing site. It should be noted that users would have had to click to ignore an SSL (Secure Sockets Layer) warning.
Reports quickly surfaced of a potential wallet address being used in the attack to move funds between different addresses.
The wallet https://etherscan.io/address/0xb3aaaae47070264f3595c5032ee94b620a583a39 has a balance of approximately $15.5m at the time of writing. This wallet has a 5-month history of complaints regarding scams and hacks (sort comments by oldest).
Scams including Indahash and a fake Telegram ICO were apparently run through this wallet. The wallet never seems to interact directly with exchanges; it just holds amounts, with a lot of traffic in and out, giving some the impression that it could be an exchange's wallet.
One of the wallets linked with this address is:
This address was receiving funds from the alleged hacker's address above up until around 2 hours ago, when it was cleared out. I was in contact with Binance regarding this address being linked around the time the transfers stopped. Balances were coming in and then transferred to the Binance wallet within minutes.
There are also other wallets linked with the main address in question like this one:
This address has been reported as being linked with the mewdns phishing hack. The funds from this wallet were sent to https://etherscan.io/address/0x39683abdba389bad9d39fadb82a45bc56244133f and then back to the main address in question to be transferred to a wallet that hasn’t been reported and onto the Binance exchange.
There is a linked wallet that is currently building a balance and I’d bet a pretty penny that it’s also involved, waiting to be sent out to an exchange. The address is:
There are no comments and no reports regarding its involvement in the phishing hack (yet).
There are, however, multiple comments on a lot of the linked addresses from users effectively begging a hacker to send them stolen ETH. Give your head a wobble, people, and to everyone else: stay safe and practice safe CEX.