Image credit: chombosan via Getty Images

Hackers steal over $150,000 in cryptocurrency with DNS scam

The scammers used DNS to reroute users to insecure websites.

MyEtherWallet (MEW) is one of the most popular online wallets for cryptocurrency. Now, it appears that the site was the subject of a DNS hack and some users lost their money. MEW wasn't directly hacked or compromised; instead, it looks as though DNS servers were targeted and users were redirected to phishing websites instead of visiting MEW.

The hack appears to have occurred between 11 AM and 1 PM UTC yesterday (7 AM to 9 AM ET), and the team at MEW noticed that the "majority of those affected were using Google DNS servers," as they noted in a tweet. Users were likely served an SSL warning and chose to ignore it.

MEW tweeted some tips to avoid phishing scams like this in the future. This is, of course, in addition to paying attention to SSL warnings and looking for a green bar SSL certificate to assure users that they have arrived at the intended website. The service also recommends switching from Google's DNS servers to Cloudflare.

Users lost a total of $152,000 (216 Ether) in this hack according to Coindesk, but TechCrunch reports that the actual total is probably higher, somewhere in the range of $365,000. The trouble is that, because the hack wasn't actually a security issue with MEW, it's hard to guard against this sort of thing.

Kevin Beaumont reports that it was actually Amazon's internet domain service, rather than Google's, that was targeted in the attack (update: please see below for a statement from an Amazon spokesperson on this issue). The hackers rerouted and served DNS traffic for over two hours. Right now, it appears as though MEW was the only target, but this attack serves to further highlight just how vulnerable the "phone book of the internet" really is.

Update: "Neither AWS nor Amazon Route 53 were hacked or compromised," an Amazon spokesperson told us in a statement. "An upstream Internet Service Provider (ISP) was compromised by a malicious actor who then used that provider to announce a subset of Route 53 IP addresses to other networks with whom this ISP was peered. These peered networks, unaware of this issue, accepted these announcements and incorrectly directed a small percentage of traffic for a single customer's domain to the malicious copy of that domain."
