Ledger Nano S - The secure hardware wallet
Close
Close
My Theories on the MEW Wallet Phishing Scam
Share:
HodlX April 25, 2018 Darren Dunn

My Theories on the MEW Wallet Phishing Scam

HodlX Guest Blog  Submit Your Post

At approximately 12:00pm UTC on the 24th April 2018 a number of Domain Name System registration servers for www.myetherwallet.com were hijacked and users were redirected to a phishing site. It should be noted that users would have had to click to ignore an SSL (Secure Sockets Layer) warning.

Reports quickly surfaced of a potential wallet address being used in the attack to move funds between different addresses.

The wallet: https://etherscan.io/address/0xb3aaaae47070264f3595c5032ee94b620a583a39 has a balance of approximately $15.5m at the time of writing. This wallet has a 5 month history of complaints regarding scams and hacks (sort comments by oldest)

(https://etherscan.io/address/0xb3aaaae47070264f3595c5032ee94b620a583a39#comments)

Scams including Indahash and a Fake Telegram ICO were apparently run through this wallet. The wallet never seems to interact directly with exchanges it just holds amounts with a lot of traffic in and out giving the impression to some it could be an exchanges wallet.

One of the wallets linked with this address is:

https://etherscan.io/address/0x3db3c9258f12762eb8a5689096d3783a2863f888


This address was receiving funds from the alledged hackers address above up until around 2 hours ago when it was cleared out. I was in contact with Binance regarding this address being linked around the time the transfers stopped. Balances were coming in and then transferred to the Binance wallet within minutes.

There are also other wallets linked with the main address in question like this one:

https://etherscan.io/address/0xf203a3b241decafd4bdebbb557070db337d0ad27

This address has been reported as being linked with the mewdns phishing hack. The funds from this wallet were sent to https://etherscan.io/address/0x39683abdba389bad9d39fadb82a45bc56244133f and then back to the main address in question to be transferred to a wallet that hasn’t been reported and onto the Binance exchange.

There is a linked wallet that is currently building a balance and I’d bet a pretty penny that it’s also involved waiting to be sent out to an exchange. The address is:

https://etherscan.io/address/0x51f332bd2e8a8a0e94ead05425efd35fe0e8434c

There are no comments and no reports regarding it’s involvement in the phishing hack (yet).

There are however multiple comments on a lot of the linked addresses of users effectively begging a hacker to send them stolen ETH. Give your head a wobble people and to everyone else stay safe and practice safe CEX.

Disclaimer: The opinions of our guest writers are solely their own and do not reflect the opinions of The Daily Hodl. These opinions expressed are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin or cryptocurrency. Please be advised that your transfers and trades are at your own risk, and any loses you may incur are your responsibility.

Check Out the Latest Headlines