The DNS of the MyEtherWallet website was compromised by a hacker who stole more than $150,000 in Ether from about a hundred different wallets during a sophisticated phishing attack.
Yesterday, MyEtherWallet and its users became the victims of a sophisticated attack that included hijacking the website's domain name service.
According to a Reddit post, people who used public DNS servers were receiving a false IP address for the MyEtherWallet website. Instead of being directed to the usual CloudFront address, they were sent to a Russian IP address where a web server was running. When they opened the site, they saw a page imitating MyEtherWallet that prompted them to enter their private wallet keys.
The hacker's Ethereum wallet address was identified and marked “Fake_Phishing899” on Etherscan, a service that lets people look up addresses on the Ethereum blockchain and view information about their transactions.
180 transactions were carried out with this address, including the withdrawal of 215 ETH (~$150,000), which was afterward distributed among several other addresses. The money may have been laundered through other cryptocurrencies.
Reddit users reacted to the threat by suggesting the use of the offline version of the website, or downloading MyEtherWallet or Parity from GitHub to run a full node. However, both of these measures are preventive; there is no way for the current victims to recover their losses.
This advanced form of phishing affected more than a hundred people, exceeding all previous incidents connected with the website. During another phishing attack in October last year, hackers obtained $15,000 in Ether within two hours of an untargeted email phishing campaign.
As for the present attack, it could easily have been prevented by looking at the address bar, which should show a green lock and “MyEtherWallet Inc (US)”. This indicates that the website has an OV or EV certificate, which is almost impossible to forge and belongs to MyEtherWallet.
While most websites show the word “Secure” together with a green lock, which indicates a domain validation (DV) certificate, MyEtherWallet and the developers of other financial apps have gone a step further and obtained organization validation (OV) or extended validation (EV) certificates, which indicate that the vetted organization is responsible for the domain.
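The two warning signs described above, public resolvers handing out an address outside the site's normal hosting range and a certificate that lacks the organization field an OV/EV certificate carries, can both be checked by a monitoring script. The following is an added example, not code from the article or from MyEtherWallet; the network ranges, resolver names and certificate subjects are constructed placeholders in the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import ipaddress
from typing import Dict, List, Sequence, Tuple

# Hosting ranges the site is expected to resolve to (constructed placeholder, not real data).
EXPECTED_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# Certificate subjects in getpeercert()["subject"] form: a tuple of RDNs, each a tuple of (type, value).
# A DV certificate names only the domain; an OV/EV certificate also carries organizationName (O=).
DV_SUBJECT = ((("commonName", "www.example-wallet.test"),),)
OV_SUBJECT = (
    (("countryName", "US"),),
    (("organizationName", "Example Wallet Inc"),),   # constructed organization name
    (("commonName", "www.example-wallet.test"),),
)

def subject_to_dict(subject: Sequence[Sequence[Tuple[str, str]]]) -> Dict[str, str]:
    """Flatten getpeercert()-style subject tuples into a {type: value} dict."""
    return {k: v for rdn in subject for k, v in rdn}

def certificate_asserts_organization(subject, expected_org: str) -> bool:
    """True only if the certificate names the expected vetted organization.
    A DV certificate (plain green lock) has no O= field and therefore fails,
    as does an OV/EV certificate issued to a different organization."""
    return subject_to_dict(subject).get("organizationName") == expected_org

def resolver_answers_out_of_range(answers: Dict[str, List[str]],
                                  expected_nets) -> List[Tuple[str, str]]:
    """Return (resolver, ip) pairs whose answer falls outside the expected hosting ranges.
    An empty list means every resolver agreed with the known-good ranges."""
    suspicious = []
    for resolver, ips in answers.items():
        for ip in ips:
            addr = ipaddress.ip_address(ip)
            if not any(addr in net for net in expected_nets):
                suspicious.append((resolver, ip))
    return suspicious

# Constructed resolver answers: resolver-b returns an address outside the expected range,
# the pattern users saw when public resolvers pointed them at the impostor server.
SAMPLE_ANSWERS = {
    "resolver-a": ["203.0.113.10", "203.0.113.11"],
    "resolver-b": ["198.51.100.7"],
}

if __name__ == "__main__":
    print("out-of-range answers:", resolver_answers_out_of_range(SAMPLE_ANSWERS, EXPECTED_NETS))
    print("DV subject passes OV check:", certificate_asserts_organization(DV_SUBJECT, "Example Wallet Inc"))
    print("OV subject passes OV check:", certificate_asserts_organization(OV_SUBJECT, "Example Wallet Inc"))
```

In a live check the `answers` dict would be filled from queries to several independent resolvers and `subject` from `getpeercert()` on a verified TLS connection; the sample data here stands in for both.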