958
Posted by
10 months old | 24069 karma | Karma CC: 3242 DOGE: 731
4 months ago

MyEtherWallet has been hacked/breached

MEW has just made a more official statement, and thus we can find that this current situation is "fixed." But please do use caution at all times.

If you want to learn more about the technical side of this, click here

Google Domain Name System registration servers were hijacked earlier today at roughly 12PM UTC so that MEW users were redirected to a phishing site. This redirecting of DNS servers is a decade-old hacking technique that aims to undermine the Internet’s routing system.

This can happen to any org & is not due to a lack of security on the MEW platform, but due to criminal hackers finding vulnerabilities in public-facing DNS servers. Your security & privacy is ALWAYS priority. We do not store any of your personal details, including keys.

Majority of those affected were using Google DNS servers. Affected users likely clicked the "ignore" button on the SSL warning that pops up when visiting a malicious site imitating MEW. MAKE SURE there is a green bar SSL certificate that says “MyEtherWallet Inc [US]”

Some advice for our users: run a local (offline) copy of MEW platform. Use hardware wallets to store your cryptocurrencies. IGNORE any tweets, Reddit posts, or ANY messages which claim to be giving away or reimbursing ETH on behalf of MEW.

To keep up this fight against this criminal phishing attack, we need our amazing community to support and educate each other - this is an ongoing battle that requires us all to stick together.

They have also said that everything is fine

It seems that everything is now back to normal, BUT PLEASE STAY SAFE and read/share this guide:

Original Post:

Official Statement from MEW: https://twitter.com/myetherwallet/status/988787116015415296

Couple of DNS servers were hijacked to resolve http://myetherwallet.com users to be redirected to a phishing site. This is not on @myetherwallet side, we are in the process of verifying which servers to get it resolved asap.

Answering some common questions. Hardware Wallets should be fine. Use caution for now and DO NOT LOGIN. Please read the comment here, which is very helpful

There are a couple of reports on the MEW sub regarding this: https://np.reddit.com/r/MyEtherWallet/comments/8ek0jj/think_i_got_scammedphishedhacked/

MyEtherWallet has been hacked, it looks like a security SSL mismatch which is redirecting you to a different domain.

Right now it appears that people are being affected via LOGIN only. Do not login, and only view your balances via Etherscan or another explorer. If you need to send and move your funds, use another wallet, like Metamask, for now, or use MEW offline.

This post will be updated if more developments are found.

Edit: A comment on the MEW sub says that it's an issue with Google DNS. Personally I did not receive a cert warning. I would still wait for announcement. The hacker's address is still getting ETH.

Edit: here is some more information from r/EthTrader. It provides more links if you want to look into greater detail.

Edit: Thank you everyone for the clarification. It's a spoof of OpenDNS and not MEW. But the above info still does apply. I will await a further update from MEW, currently they only say they are working on it. It's been updated, check the top!

493 comments
91% Upvoted
level 1
169 points · 4 months ago · edited 2 months ago

WHAT TO DO IN THIS SITUATION

If you've used MEW in the last ~4 hours using the private key or keystore file or mnemonic phrase methods:

-Check your address on etherscan.io to see if you've been victimized by this hack yet.

-Transfer your funds off into a new wallet even if you haven't been victimized yet. DO NOT GO TO THE SITE TO DO THIS. Run MEW offline referencing the KB article here: https://myetherwallet.github.io/knowledge-base/offline/running-myetherwallet-locally.html

If you have used MEW in the last ~4 hours using MetaMask or Ledger Nano S or Trezor methods:

-The only possible issue with hardware wallets is redirection of funds that were sent during the time of attack. There have been no reports of this yet.

-Your account itself, should be fine since these methods don't expose your private key online when signing transactions or accessing your account. Avoid using the MEW website until successful triage has been confirmed.

If you have not used MEW in the last ~4 hours using the private key or keystore file methods:

-DO NOT GO TO THE MEW WEBSITE UNTIL THE ISSUE HAS BEEN CONFIRMED TO BE FIXED BY MEW TEAM. CURIOSITY WILL KILL YOU, CAT.

level 2
Redditor for 12 months.
5 points · 4 months ago

what is the real mew's ip? can't you just connect using it instead of url?

level 3
CC: 252 karma
3 points · 4 months ago

FYI it's also technically possible to inject bogus routes into the internet routing protocols to redirect traffic, so even if you use IP address alone you still could end up being routed to a rogue server. Best to rely on SSL certificate verification at least but really also best to use a hardware wallet at the same time.


level 2
44432 karma | Karma CC: 2297
3 points · 4 months ago

what if i used it via the offline MEW wallet am safe right ?

level 3

Yep, you're fine. This only affected online users.

level 2
Altcoiner
2 points · 4 months ago

Thanks for the info!

level 2
Redditor for 6 months.
2 points · 4 months ago

Sorry if this is a dumb question, but I'm just learning. Is this an instance where a VPN could save you?

level 3

Nope.

level 3
12983 karma | CC: 1364 karma BTC: 2390 karma XMR: 1624 karma
2 points · 4 months ago

Yes. Unless the VPN uses Google's DNS, which a good VPN won't due to privacy issues.

Never ignore SSL warnings, always check that you're using https.


level 2
2 - 3 years account age. 150 - 300 comment karma.
1 point · 4 months ago

i used it 24 hours ago , what time was the breach ?

level 3
1 point · 4 months ago · edited 4 months ago

The last 5 hours. Waiting on confirmation from MEW about resolution

level 2
108327 karma | CC: 124 karma DOGE: 523 karma
1 point · 4 months ago

Would metamask be a better way to check/move your coins?

level 3

Use a block explorer to check your addresses. Metamask or hardware wallet to interact with your funds.

level 2
Redditor for 4 months.
1 point · 4 months ago

What if we use the built in web browser plug in? Any concerns?

level 3
2 points · 4 months ago · edited 4 months ago

Unrelated to current attack. Should be fine. No reports yet of this being affected.


level 2

Is the green certificate thing at the left side of the address an indicator that this is alright, or is that completely unrelated?
I have always trusted that in the past.

level 3
8 months old | CC: 337 karma
4 points · 4 months ago

apparently those that have lost funds decided to ignore the SSL certificate warning.

level 4

So, it was not "verified by X"? Or that does not matter at all?


level 3
3 - 4 years account age. 100 - 200 comment karma.
2 points · 4 months ago

yeah I would like to know this as well and if metamask green shield would have prevented this or if it would have shown green even still


level 2

Anyone know if it's possible to send erc20 offline? Seems like you would only be able to send eth

level 3
Karma CC: 768 ETH: 778
2 points · 4 months ago

Yes it's possible. You do it by the exact same way. There is a tab you click on to change from eth to the token of your liking.


level 1
Ethereum fan
228 points · 4 months ago · edited 4 months ago

it's a google and amazon DNS problem, not specific to MEW. MEW didnt get hacked. just check the SSL certificate

also, since this is top, best to avoid MEW if possible for a while until the all clear

level 2
Altcoiner
24 points · 4 months ago

If you use a ledger to access MEW are you ok?

level 3
Ethereum fan
20 points · 4 months ago

Yep

level 4
18931 karma | Karma CC: 2277
7 points · 4 months ago

Phew. Love my nano s

level 5
12983 karma | CC: 1364 karma BTC: 2390 karma XMR: 1624 karma
7 points · 4 months ago

I love your nano s too!

level 6
Redditor for 2 months.
7 points · 4 months ago

I love you both


level 3
19069 karma | Karma CC: 1526 ETH: 12367 BTC: 2096
8 points · 4 months ago

As long as you check what you're confirming on the device - yes.

level 4
Altcoiner
4 points · 4 months ago

Thanks, I didn't send anything just logged on to see if my ETH was still there.

level 5
Positive | 10629 karma | Karma CC: 2098
7 points · 4 months ago

Haha, just for safety purposes you don't have to login for that, just keep a copy of your Public key & track it on etherscan.io or ethplorer.io for token balances.

level 3
98032 karma | Karma CC: 159
2 points · 4 months ago

you should be fine

level 3
NEO fan
2 points · 4 months ago

I sent some tokens not too long ago (2 hrs?) And they reached their destination just fine. This is using a ledger nano s

level 2
8 - 9 years account age. 450 - 900 comment karma.
7 points · 4 months ago

Google's DNS actually had nothing to do with it. Amazon's DNS servers were hijacked which impacted anyone who peers with Hurricane Electric. Google's DNS servers are widely used, and they peer with Hurricane Electric, so they were impacted by the BGP hijacking that was targeted at Amazon's DNS servers.

level 2
1 - 2 year account age. 35 - 100 comment karma.
3 points · 4 months ago

More specifically, the issue was caused by a third party ISP who experienced a BGP leak, causing 8.8.8.8 to go to a malicious dns server, which returned the ip address to the fake mew site. http://status.aws.amazon.com/


level 1

DNS goes to some russian IP, be careful


level 1

And this is one of the major things holding crypto back, how would you feel to wake up every day and have to check your account hoping it hasn't been hacked and it's just a sitting duck. There really needs to be a lot more security with these things that is simple to use before it will really take off.

level 2
CC: 2976 karma
19 points · 4 months ago

Agreed.

On the bright side, that tells me we are all still in this very early.

level 3
Karma CC: 1242 Ripple: -14
15 points · 4 months ago

either that or the amazing tech is actually shit


level 2
Positive | Karma CC: 2453 BTC: 610
6 points · 4 months ago

This has absolutely nothing to do with crypto and could have been done to any site including a bank.

As the thread post says, this is a decades old attack and a 101 attack.

Interesting nobody is criticizing Google for fail security, it was their freakin DNS servers.

level 2
Moon
26 points · 4 months ago

Or just use a hardware wallet?

level 3

Maybe a solution for you and me but what about Joe from down the road that has heard of this bitcoin thing, he hears about one of the biggest "wallets" being hacked again and gets nervous and just FUDs. This happens CONSTANTLY at work when people ask me about Crypto.

level 4
15107 karma | Karma CC: 444
2 points · 4 months ago

Well coinbase is insured up to $250,000. But if you’re talking about alts, then yea there is nothing guaranteed.

level 5

Coinbase is FDIC insured for its US users with US dollars in Coinbase's pass through bank accounts. If you are not a US citizen, or if it is not the USD that is taken then the insurance does not kick in. ------edit------- I should add that Coinbase may have additional insurance. But the above is what the FDIC covers


level 4
Altcoiner
-3 points · 4 months ago

joe should read up on what he's investing in then.

level 5
Comment deleted 4 months ago (3 children)
level 6
6 months old
2 points · 4 months ago

That's the price we pay for being early adopters. Hopefully, the reward ends up being worth the risk, but there is no guarantee that it will be. Personally, I have been victim to a few scams/fuck-ups, but I've diversified across enough coins and exchanges that it hasn't affected me more than just being an annoyance. Unfortunately, some people haven't been as lucky; they've lost their whole portfolio due to not spreading out their risk and not being extremely security conscious. We are still in the phase where small oversights have huge consequences. This space needs way more consumer protection before widespread adoption will occur. In the mean time, we must remain vigilant for the sake of our investments and for the sake of our community. In the future, I hope that karma rewards our stewardship.


level 5

Yeah people need to realize the risks of investing in cryptocurrency. Equifax gets hacked and months later, people don't really seem to mind even though it has the potential to hit them fairly hard.

I understand security is important but so is understanding the risks especially when you are an "early" adopter.

level 6
CC: 2615 karma
5 points · 4 months ago

But the way the system is built, the Equifax hack's damage can be largely undone if anyone suffers loss. Transactions can be reversed and credit histories cleared. It might be a pain in the ass to go through, but nothing like having a substantial crypto wallet hacked without recourse.

level 4
4 months old | 13500 karma
1 point · 4 months ago

What about when Joe hears a news report about some identity theft or credit card fraud ring that got busted? Is he going to FUD because he has a credit card?

level 5
CC: 2615 karma
7 points · 4 months ago

Nope, because credit card companies guarantee that their customers are not liable in the event of identity theft or fraud. So Joe can sleep comfortably at night knowing that Visa and Mastercard take the hit if they allow fraudulent charges.


level 3
Investor
2 points · 4 months ago

Or a paper wallet? Or encrypted pen drive wallet?

level 4
Stinky
2 points · 4 months ago

lol this hardware wallet is like a cult


level 3
11769 karma | Karma CC: 612 BTC: 668
2 points · 4 months ago

Yeah you know everyone doesn't have $100 to buy a ledger right? 1% crypto holders are really hilarious when they think crypto has anything to do with them.

Use paper wallets please. They're free hardware wallets meant for all. For the argument you'll lose the key, wherever you'll store the hardware wallets seed, store that there. Don't have a printer? Make a wallet on coinomi, store the phrase in the same place, delete coinomi if you don't trust it, and there, another essentially hardware wallet you can access with the seed phrase anywhere anytime. There, solved the whole problem for everyone. Cheers

level 4
Positive | 24495 karma | Karma CC: 751 NANO: 568
4 points · 4 months ago

Ton of disinformation here.

A PAPER WALLET IS NOT THE SAME THING AS A HARDWARE WALLET. A hardware wallet is a secure platform that allows you to access your account and make trades off of it.

A paper wallet is a wallet on paper, that's it. If you want to transfer funds, you need to expose your private key (even on an offline device) to make that happen.

A hardware wallet is a million times safer than a paper wallet in a live environment.

level 5
CC: 2615 karma
1 point · 4 months ago

Out of curiosity, what happens if the hardware fails on a hardware wallet? Serious question.

level 6
1 - 2 year account age. -15 - 35 comment karma.
3 points · 4 months ago

You can restore your keys to another hardware wallet using a backup phrase


level 6
CC: 252 karma
1 point · 4 months ago

They each have unique recovery keys that will recreate the private key on a new device! It's a fairly old and well understood crypto trick that works very well. As long as you store the recovery keys somewhere safe too (like in a safety deposit box) you're protected from hardware device failure.

level 6
Positive | 24495 karma | Karma CC: 751 NANO: 568
1 point · 4 months ago

When you set up your hardware wallet, it will give you a word phrase. I have a ledger, and the phrase is 24 words long. If your hardware wallet fails, you can either buy another ledger and restore your account using the phrase, or you can use a software based bip39 recovery to pull your private keys.


level 3
Positive | Karma CC: 1026 VEN: 1513
1 point · 4 months ago

Yup. If you have enough to worry about losing it, $50-$100 for a hardware wallet is an obvious investment.

level 4
Karma CC: 569 BTC: 542
3 points · 4 months ago · edited 4 months ago

Now we just need one that can accept all the alt coins, and can be used at merchants quickly. I'm not sure how that would be hardwired or designed, maybe flash updated, but most normal people won't just roll with losing even $50 in crypto, every time a hacker hacks, so web and phone wallets are not gonna cut it adoption-wise, even for small amounts. If I lost $50 physical fiat from my physical wallet every time a hacker hacked, I'd stop carrying more than $5. A lot of Crypto-kiddies can't see the Crypto-status quo Wild West Web Log In-ner Beware as unacceptable.

level 3

are ledger users okay in this hack?

level 4
Moon
1 point · 4 months ago

The entire point of ledger is not having to care if the computer or site you use is compromised. You verify the address and transaction from the ledger.

level 5

ok dope


level 2
Redditor for 6 months.
11 points · 4 months ago

Yet it's the price we pay for cryptos. How could you implement the safety and insurance mechanics of traditional fiat without a bank and a governing organization? But if you have those authorities, it's crypto no more. Like Xrp. Just sayin'.

level 3
CC: -218 karma CC: -218 karma
4 points · 4 months ago

It's almost like the solution is worse than the problem.

level 2
IOTA fan
2 points · 4 months ago

In this situation, no wallet has been hacked in the way that you’re describing. This was just a phishing attempt.

level 2
4 months old | 13500 karma
2 points · 4 months ago

This same thing happens all the time with traditional banking methods too. This is nothing new.


level 1
14905 karma | Karma CC: 1846 BATProject: 6978 ETH: 2483
13 points · 4 months ago

This is the one scenario I came up with where something like MEW could be compromised - redirection to another page via compromised DNS. That’s why I started using offline transactions. It’s an ugly extra step, but this would have never affected me since I started doing it. Another great way to ensure safety is to login through Metamask. Be careful out there!


level 1
Moderator of r/CryptoCurrency, speaking officially · 13 points · 4 months ago · edited 4 months ago

It appears approx. 524 ETH were taken and then moved into what I can only assume is an exchange hot wallet address (which contains 25k+ ETH).

This is the address it all went into finally (https://etherscan.io/address/0x39683abdba389bad9d39fadb82a45bc56244133f) before being moved to what I would assume is the hot wallet address: https://etherscan.io/address/0xb3aaaae47070264f3595c5032ee94b620a583a39

If you see anything incorrect in here, please let me know.

Please note that this was not an actual hack of My Ether Wallet.

Per comment below: It actually had nothing to do with Google's DNS. Traffic to Amazon's DNS servers was redirected by BGP hijacking, but the route announcements were only sent to people who peer with Hurricane Electric. Lots of DNS servers were impacted, but Google's DNS is widely used so that's the one that was most reported. Saying it was Google's DNS servers that were hijacked though is totally incorrect, it was Amazon's DNS servers.

level 2

https://cointelegraph.com/news/exclusive-myetherwallet-confirms-hacking-rumors-are-stupid-lie/amp?__twitter_impression=true

MEW was warned in January that this was happening and they spent their energy calling all the security experts "liars."

Now it's April and they've done absolutely nothing to protect against this.

Hell yeah it's their fault.

Can't wait for their next "this could've happened to anyone" bullshit Reddit post.

Shitty humans being shitty. Again.

level 3
Redditor for 7 months.
6 points · 4 months ago

In fairness they were responding to posts claiming they weren't safe to use and that "their" DNS had been hacked. That was, in fact, a lie. But the attack could be done against any site without MEW being able to do much about it - unless you can educate me as to what MEW could have done?

level 3
Karma CC: 852
2 points · 4 months ago

If somebody hacks your DNS. He can literally compromise any website. It's not fair to attribute this to MEW which is just an interface that you can also download and run off your computer.

level 2

It's 900 not 999

level 3

Thanks. Edited.


level 1
Programmer
22 points · 4 months ago · edited 4 months ago

215 Ether on its way out of the phishing wallet now. Damn, that guy/girl/people made out like a bandit.

level 2
[deleted]
6 points · 4 months ago

That is absolutely fucking disgusting. Cunts like him/her make me sick.

level 3
Programmer
12 points · 4 months ago

well to make it worse, it looks like it's being sent to a wallet (maybe the scammers main wallet?) worth $16m https://etherscan.io/address/0xb3aaaae47070264f3595c5032ee94b620a583a39

level 4
[deleted]
5 points · 4 months ago

By the looks of the comments this isn't the first time he's phished websites.

level 4
Redditor for 7 months.
3 points · 4 months ago

Over $17m now

level 4
33340 karma | Karma CC: 30773 BTC: 3040
6 points · 4 months ago

It's an exchange.

level 5
Programmer
6 points · 4 months ago

How can you tell? Do you know which one?

level 6
19069 karma | Karma CC: 1526 ETH: 12367 BTC: 2096
1 point · 4 months ago

muh money = exchange, duh! /s


level 4
Redditor for 10 months.
1 point · 4 months ago

And how will he transfer this crypto to fiat? Everyone knows that's his main address?

level 5
2 - 3 years account age. 75 - 150 comment karma.
15 points · 4 months ago

Very easily with decentralized exchanges and privacy coins like Monero.

level 6
4 months old | 13500 karma
1 point · 4 months ago

The Bitshares dex still requires verification for fiat withdrawals.


level 5

Convert to privacy coin and send to a wallet then convert back and cash out?

level 5
Observer
10 points · 4 months ago

Monero

level 5
Investor
3 points · 4 months ago

VPN - > shapeshift - > monero


level 4
Redditor for 9 months.
1 point · 4 months ago

Looks like s/he's trying to send it out, but can't keep up.


level 3
Redditor for 10 months.
1 point · 4 months ago

$140,000 is going to set him up for life?

I’d rather not be worried about getting caught somehow.

Not enough money for me to do something like that

level 4
CC: 2615 karma
5 points · 4 months ago

No real risk of getting caught. Maybe a casual non-tech person's transactions can be traced back to their identity if some government agency is willing to spend millions of dollars to do so (like in the Silk Road investigation), but a hacker will be able to cover their tracks easily.

level 5
Redditor for 10 months.
1 point · 4 months ago

Yes but there’s always the “what if”.

He’s gotta be a bit concerned. I doubt sleeping like a baby.


level 1
CC: 2615 karma
38 points · 4 months ago

One of the reasons why I shake my head when people say "Crypto is way more secure than traditional banking."

Yes, phishing and hacking can happen in traditional banking, but your funds are insured against loss due to theft or fraud. In crypto, your money is gone forever with no recourse.

level 2
Redditor for 6 months.
3 points · 4 months ago

Actually I think some exchanges insured your funds


level 1
Redditor for 2 months.
45 points · 4 months ago

For fucks sake, can't somebody build a decentralized dynamic domain name service (DDDNS) already?!

level 2
Miner
19 points · 4 months ago

namecoin?


level 2
Redditor for 12 months.
6 points · 4 months ago

Wouldn't stop BGP hijacking.

level 2
11769 karma | Karma CC: 612 BTC: 668
6 points · 4 months ago

Only if you could decentralise malice.

level 2
Positive | 24495 karma | Karma CC: 751 NANO: 568
1 point · 4 months ago

What coin is DDNS? Where is it traded at?


level 1
You're all Idiots
6 points · 4 months ago

could this be related at all to binance also having issues earlier? didnt CZ say it was an amazon DNS issue or google etc...? could he have attempted binance?

level 2
Redditor for 7 months.
3 points · 4 months ago

I was wondering the same myself.

level 1
6 points · 4 months ago

If I just logged in and sent transactions via my ledger, am I safe?

level 2
4 - 5 years account age. 500 - 1000 comment karma.
8 points · 4 months ago

You are safe, the keys are not exposed this way.

level 2

bump is there an answer to this?

level 1
Redditor for 8 months.
25 points · 4 months ago

Pls sir mi famil

level 1
[deleted]
14 points · 4 months ago · edited 4 months ago

SSL redirect is not a hack, it's a big boy phish. This happens literally all the time to every major wallet, exchange, etc.

level 2
8 - 9 years account age. 450 - 900 comment karma.
2 points · 4 months ago

Except it was BGP hijacking.

level 3
14716 karma | Karma CC: 633
2 points · 4 months ago

I love how you got downvoted. Pretty much sums up this subreddit. It was BGP hijacking.

level 4
8 - 9 years account age. 450 - 900 comment karma.
2 points · 4 months ago

Yeah, I don't even think a "SSL redirect" attack is a thing?

level 5
14716 karma | Karma CC: 633
2 points · 4 months ago

Nope, I just think they're throwing around buzzwords without bothering to learn what it actually means.

level 1
7 months old | Karma CC: 7046 EOS: 363
4 points · 4 months ago

This just confirms my general fears about the level of trust placed on various software wallet solutions - not the fact that they can be hacked - anything can be hacked - but that's there's fuck all recourse if you fall victim.

Bang, your money is gone and there's sweet FA you can ever do about it.

Another aspect completely unrelated to security and wallets, is sending the wrong coins to the wrong address - to me, that's even more of a problem for adoption. If you send FIAT to the wrong account, so long as you react in time, it can be undone - your bank can reverse the mistake. With cryptocurrency, your chances of recovering from an incorrect transaction are low.

Recently, I used MEW to send to binance, but in a mixup, I sent an ERC20 token not supported yet. It took me 30 days and cost me $200 to fix that fuckup. I was just lucky it was binance.


level 1

Dude these kind of attacks have been going on for a while which is why MEW has disclaimers and warnings about it. I've been using MEW just fine(from encrypted keystore) but I don't use Google DNS(so they might be right about that)

level 2
5 points · 4 months ago

Can someone explain more what google DNS is doing? I kinda use it to get on piratebay etc, how safe is the google DNS to log into Binance etc?

level 3

Let me try to explain it in a simple way. At a network like world wide web, all servers have IP addresses. It's like your house address but it is in numbers such as 14.88.22.13. You can request to access information held in a server by entering these IP addresses to your browser address bar, and your browser will take you to that address like a taxi taking you home.

Now think about all the addresses you want to go, how can you memorize all these addresses with seemingly random numbers? Well practically you can't. That is why many many years ago, something called domain name service started. What is happening is instead of you typing all these different IPs you can't remember to your browser, you type a name like "myetherwallet.com" that you can easily remember and your browser asks a trusted database what that name actually stands for as an IP address. These name - IP pairings are done when you buy a domain name from domain name suppliers and once you pay for it, the name - IP pairings are distributed to databases that are called DNS servers to which your browser asks for IPs. Google is one of these DNS suppliers that you can use and from what I understand today's hack is related to google's DNS database being compromised. So people writing "myetherwallet.com" to their browsers were directed to a different IP address than they should have been, if they were using google DNS.

Now how can you protect yourself? There is something called SSL certificate, which is basically a certifying body that gives domain names a private key to embed in their server which will be checked with a public key held in certifying body's servers every time someone goes to that domain name. If a hacker redirects the domain name to a different IP by hijacking the dns server, but does not know this private key (which is what happened here) the browser will say that the certificate failed. This means it is very possible that the domain name was compromised. You just have to pay attention to your browser certificate notifications and double check the domain name you see on the address bar.
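The certificate check described in the comment above, together with a resolver cross-check, as an added example that is not part of the original thread or MEW's code. The function names, resolver labels and documentation-range IP addresses are constructed for illustration, and it assumes the certificate's organizationName and countryName carry the "MyEtherWallet Inc" / "US" values quoted in the post's green-bar text.

```python
import ipaddress
import socket
import ssl


def fetch_verified_cert(host, port=443, timeout=5.0):
    """Open a TLS connection with chain and hostname verification enabled.

    Raises ssl.SSLCertVerificationError when the server cannot present a
    certificate issued by a trusted CA for `host`, which is the condition
    a browser warning reports. There is deliberately no bypass path.
    """
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def subject_fields(cert):
    """Flatten the nested subject tuples of getpeercert() into a dict."""
    return {key: value for rdn in cert.get("subject", ()) for key, value in rdn}


def identity_problems(cert, expected_org, expected_country):
    """Compare the certificate subject with the organisation we expect.

    A certificate can be valid for the hostname and still not name the
    organisation, so this is checked in addition to chain validation.
    """
    subject = subject_fields(cert)
    problems = []
    for field, expected in (("organizationName", expected_org),
                            ("countryName", expected_country)):
        if subject.get(field) != expected:
            problems.append("%s is %r, expected %r"
                            % (field, subject.get(field), expected))
    return problems


def resolution_problems(answers, known_good_networks):
    """Flag resolver answers that fall outside a recorded baseline.

    answers: {resolver label: [IP strings returned for the name]}
    Disagreement between resolvers can be benign for CDN-hosted names;
    treat it as a reason to look harder at the certificate, not as proof.
    """
    nets = [ipaddress.ip_network(n) for n in known_good_networks]
    problems = []
    for resolver, ips in sorted(answers.items()):
        for ip in ips:
            addr = ipaddress.ip_address(ip)
            if not any(addr in net for net in nets):
                problems.append("%s returned %s, outside baseline"
                                % (resolver, ip))
    if len({frozenset(ips) for ips in answers.values()}) > 1:
        problems.append("resolvers disagree on the answer set")
    return problems


# --- Constructed sample data (not captured from the incident) -------------
EXPECTED_ORG = "MyEtherWallet Inc"   # assumption: taken from the post's text
EXPECTED_COUNTRY = "US"

# Shape matches what ssl.SSLSocket.getpeercert() returns.
CONSTRUCTED_ORG_CERT = {
    "subject": ((("countryName", "US"),),
                (("organizationName", "MyEtherWallet Inc"),),
                (("commonName", "www.myetherwallet.com"),)),
}
# Domain-validated style certificate: hostname only, no organisation.
CONSTRUCTED_DV_CERT = {
    "subject": ((("commonName", "www.myetherwallet.com"),),),
}

BASELINE_NETWORKS = ["192.0.2.0/24"]          # documentation range
CONSTRUCTED_ANSWERS = {
    "resolver-a": ["192.0.2.10"],
    "resolver-b": ["192.0.2.10"],
    "resolver-c": ["203.0.113.66"],            # diverging answer
}

if __name__ == "__main__":
    print(identity_problems(CONSTRUCTED_ORG_CERT, EXPECTED_ORG, EXPECTED_COUNTRY))
    print(identity_problems(CONSTRUCTED_DV_CERT, EXPECTED_ORG, EXPECTED_COUNTRY))
    for line in resolution_problems(CONSTRUCTED_ANSWERS, BASELINE_NETWORKS):
        print(line)
```

For a live check, pass the dict returned by `fetch_verified_cert(host)` to `identity_problems`; an exception from the fetch means the connection should be abandoned, not retried with verification disabled.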

level 4
7 months old | CC: 2188 karma VEN: 1048 karma
6 points · 4 months ago

And this is exactly what we need in crypto as well. Not sending to 0x3291238nfasoiiw129x and send it to John_Nash instead.

level 5
[deleted]
3 points · 4 months ago

Is that not what ENS is?

level 5

Wouldn't people be able to redirect wallets then though? Genuinely curious.

level 6

It would indeed create a new attack vector but would add an easy access method. This is an interesting idea for doing in a decentralised way though!

level 7
CC: 252 karma
2 points · 4 months ago

True it's a great idea, but yet again another slew of potential attack vectors there too. If people are still using MEW and clicking on buttons when browser SSL Cert warnings are going off and despite the total overkill of warnings on MEW about exactly this potential attack a solution is never going to work when you have to account for people still having to make informed choices.

There is (AFAIK) no solution for secure decentralized access to a blockchain unless you are at least running (and maintaining) your own node, there will always be some intermediary pointing you somewhere and therefore a potential MITM at some protocol level (from SSL/TLS, HTTP, DNS, IP and down into the WIFI protocols.) So add another layer of abstraction that still requires humans to make decisions only shifts the attack up/down the layers.

You could even be running your own Ethereum node and yet it too could be compromised because you unknowingly downloaded it from a rogue server... so then that node when used for "secure" decentralized DNS could be pointing you to a MEW phishing site; the attack vectors are numerous until the entire ecosystem changes.

level 6
7 months old | CC: 2188 karma VEN: 1048 karma
1 point · 4 months ago

Probably not, it is the same now, why wont they redirect from 0x...7f to 0x...8f? If your wallet has a name on the blockchain i dont see a way to redirect that other than malwares on the user pc.


level 3

Google DNS is a free public option that may be faster than your ISP's DNS server. DNS is how you can type in "xyz.com" and get to the right webpage that really is identified by an ip address 123.456.789.0. If you haven't setup google dns in your internet setting you are just using your ISP by default...

level 4
2 points · 4 months ago

I'm pretty sure my provider's ISP is faster, but that's not the reason I'm using it. I'm using the google DNS cause my provider blocked some sites I visit too often, so my question was if it is safe using google DNS to login into Binance etc..

level 5
2 points · 4 months ago

Also, I noticed that when I'm using Binance, Reddit or CMC, my Google DNS isn't working properly after some time, because I'm getting blocked again on the other sites. I have to reload my browser to get it working again. What's the problem with that?

level 6

Google might be trying to work on a fix, at least I hope they're aware...

level 1
12033 karma | Karma CC: 490 VEN: 562
4 points · 4 months ago

What other methods can we use to interface with a hardware wallet instead of using the MEW site?

level 1
Karma CC: 768 ETH: 778
4 points · 4 months ago

And this is why you should use the OFFLINE version of MEW.

level 1
6 months old | 71404 karma
6 points · 4 months ago

Hypothetically speaking, would my ETH be at risk if I used a version of MyEtherWallet downloaded locally months ago to sign a transaction offline, and then pasted that into the phishing site?

level 2
Karma CC: 768 ETH: 778
10 points · 4 months ago

No, since they do not get access to your private key. The signature that they get is useless, since it only can execute a specific one-way transaction that you have requested.

level 1
[deleted]
3 points · 4 months ago

This is what happened to EtherDelta back in January... how is it so common for DNS's to be hijacked and redirect to another website?

Why does this not happen as often with non-crypto based sites?

level 2
10 months old | 24069 karma | Karma CC: 3242 DOGE: 731
Original Poster · 2 points · 4 months ago

I'm sure it happens, but with crypto sites, you have access to a lot of people's money anonymously. Try DNS spoofing a regular ecommerce site and you may get the credit card info, but those owners can report fraud and get chargebacks. Not in crypto.

level 1
8 months old | CC: 337 karma
3 points · 4 months ago

"Affected users likely clicked the "ignore" button on the SSL warning"... seriously dudes.

level 2

Hell man, in Chrome you have to jump through hoops to get through to a site that has a certificate problem; it defaults to 'take me back to safety'.

level 1
Redditor for 8 months.
11 points · 4 months ago

Fuck wallets ! Viva Binance balance account !!

level 2
15107 karma | Karma CC: 444
20 points · 4 months ago · edited 4 months ago

Not sure if this is serious, but I’m getting more comfortable holding on Binance now. Better than downloading a bunch of wallets from random coins. And the last few exchange hacks, the exchanges have paid everyone back. I think the businesses are getting more legit. They’re on a different level than mtgox was.

In other words, I trust binance as a company more than the people who make the wallet for some shitcoin.

For the big currencies you should use a hardware wallet.

level 3
Redditor for 8 months.
12 points · 4 months ago

I was damn serious. Never moved from there. Feel comfy.

level 3
Positive | 24495 karma | Karma CC: 751 NANO: 568
3 points · 4 months ago

Binance is really the only exchange I trust. But don't fool yourself thinking it is 100% safe. Fake website addresses, Bínance, for instance, could steal your login/pass because that i is a í. It will make you think you are logging into a different website. 2FA helps in this instance, but not everyone has 2FA.

Like you said, if you are serious about crypto, get a hardware wallet for the currencies it can support, and have an offline only computer/paper wallet for those that it doesn't.

I am not trying to jump your ass, I just don't want people to see your comment and think that Binance is 100% safe.

1 more reply
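A defender-side check for the lookalike-address trick mentioned in the comment above (Bínance with í in place of i), as an added example that is not part of the thread. The allowlist, the small confusables table and all function names are assumptions made for illustration.

```python
import unicodedata

# Assumption: hypothetical allowlist of sites this user really logs in to.
TRUSTED = {"binance.com", "myetherwallet.com"}

# Constructed, deliberately tiny set of cross-script lookalikes (Cyrillic a, e,
# o, c, i and dotless i). Real tooling would load the Unicode confusables data.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o",
               "\u0441": "c", "\u0456": "i", "\u0131": "i"}

def to_unicode(host):
    """Lowercase the name and decode xn-- (punycode) labels to real characters."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label.encode("ascii").decode("idna")
            except UnicodeError:
                pass  # malformed punycode: keep the raw label, it will not match
        labels.append(label)
    return ".".join(labels)

def skeleton(host):
    """Fold accents and listed lookalike letters to the ASCII letter they imitate."""
    out = []
    for ch in unicodedata.normalize("NFKD", to_unicode(host)):
        if unicodedata.combining(ch):
            continue  # drop the combining accent, so U+00ED becomes plain "i"
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out)

def trusted_parent(name):
    """Return the allowlisted domain that name equals or is a subdomain of."""
    for domain in TRUSTED:
        if name == domain or name.endswith("." + domain):
            return domain
    return None

def classify(host):
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a hostname."""
    if trusted_parent(to_unicode(host)):
        return "trusted"
    imitated = trusted_parent(skeleton(host))
    return "lookalike:" + imitated if imitated else "unknown"
```

The same check covers the punycode (`xn--`) form that a browser address bar or a proxy log may show instead of the accented letter.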

level 3
CC: 2615 karma
1 point · 4 months ago

It would be one thing if there were a one-stop wallet hardware solution. But the existing hardware wallets only work with some coins, not others. So the end result is that people who might hold a couple dozen coins have to have 7-8 wallets to manage.

level 2
Positive | 5 months old
2 points · 4 months ago

The same thing could happen to Binance :D Although if you have 2FA there, you would be fine.

level 2
Ethereum fan
2 points · 4 months ago

This has to be sarcasm right? You want to leave your funds in control of a third party custodian? This is like the opposite of the basic ideas of cryptocurrency. Doing this has ended badly many more times than a wallet has been hacked (MEW wasn't hacked). Here's some sources:

Coincheck

http://fortune.com/2018/01/31/coincheck-hack-how/

Bitfinex

https://en.wikipedia.org/wiki/Bitfinex_hack

MtGox:

https://www.wired.com/2014/03/bitcoin-exchange/

level 2

I know right, it's funny because I was considering using MEW today to get my OMG off Binance for the airdrop, but told myself I'll wait till more info is out, glad I did!

level 1
41663 karma | Karma CC: 251
2 points · 4 months ago

u/kvhnuke have any updates or confirmations?

level 1
Redditor for 5 months.
2 points · 4 months ago

How about MetaMask (that sleepy Wolfie), is it affected?

level 2
10 months old | 24069 karma | Karma CC: 3242 DOGE: 731
Original Poster · 3 points · 4 months ago

There are no current reports of MetaMask being affected that would be related to this MEW event.

level 1
Redditor for 7 months.
2 points · 4 months ago

If you're using any kind of hot wallet you have to pay attention to every detail. The lure of easy money is too strong for hackers to avoid. People are still falling for phishing scams on email, but the crypto payout is so much better!

level 1
Karma CC: 133 LTC: 424
2 points · 4 months ago

Question on the guide. How does one connect to the blockchain on an offline computer? Instructions do not make any sense in that respect.

level 1

I haven’t used MEW in months since securing my coins in a ledger. Are all my coins stolen?

level 1
Investor
4 points · 4 months ago

Upvoting for visibility.

level 1
Redditor for 12 months.
2 points · 4 months ago

oopsie

level 1
Ethereum fan
2 points · 4 months ago

Wtf! Was MyCrypto hacked too?

I just used MyCrypto to access my wallet.

level 2

MyCrypto.com was not compromised. I am the one tweeting from @MyCrypto.

However it's always best to use a hardware wallet or run MyCrypto/MEW locally.

level 2

Probably not. I wouldn't be surprised if the MyCrypto team is behind this. Look what they did earlier this year, the terrorist hijacking tactics they took on MEW.
Fuck MyCrypto. You don't get to be successful by starting as a shady scammer/thief. Horrible. The self servicing justification and reasoning was even worse! Feels like this could TOTALLY be attributed to Taylor and the MyCrypto team. I mean, if they were so devious as to hijack the Twitter account and try to subversively get customers to switch.... I see ZERO REASON for them to be honest and legit. They are making a competing product and anything they can do to slander the MEW name will not be put past these deviants.

level 3
14905 karma | Karma CC: 1846 BATProject: 6978 ETH: 2483
7 points · 4 months ago

You’re kidding right?

level 4

Nope. Did you remember when this all went down a few months ago? Shady as fuck. Super Shady.

I will never do business with MyCrypto.... that is dishonorable what they did.

level 5
[deleted]
5 points · 4 months ago

In fairness there's a big jump between hijacking a Twitter account to promote your new website and stealing $150k (and growing) off of random people.

level 1
1205611 karma | Karma CC: 11
1 point · 4 months ago · edited 4 months ago

I'm a bot, bleep, bloop. Someone has linked to this thread from another place on reddit:

If you follow any of the above links, please respect the rules of reddit and don't vote in the other threads. (Info / Contact)

level 1
1 - 2 year account age. 100 - 200 comment karma.
1 point · 4 months ago

This doesn't affect people who use the Ledger device, right?

level 2
10 months old | 24069 karma | Karma CC: 3242 DOGE: 731
Original Poster · 2 points · 4 months ago

Correct. Anyone who has not logged into MEW is safe.

level 3
1 - 2 year account age. 100 - 200 comment karma.
1 point · 4 months ago

But if I have logged into MEW with the Ledger? I mean the keys are stored on the Ledger device.

level 1
Student
1 point · 4 months ago

Does it even affect you if you have the site bookmarked?

level 2

Yes

level 1
Moon
1 point · 4 months ago

Since when does MEW have a login?

level 1

Are you affected if you have an offline Myetherwallet?

level 1
10875 karma | Karma CC: 801 NANO: 367
1 point · 4 months ago

Still safe with a ledger?

level 2
10 months old | 24069 karma | Karma CC: 3242 DOGE: 731
Original Poster · 1 point · 4 months ago

Yes

level 1

Damn, I logged in 13 hours ago, should I be worried?

level 2
10 months old | 24069 karma | Karma CC: 3242 DOGE: 731
Original Poster · 1 point · 4 months ago

It appears that this problem happened within the last 4 hours. You should be safe. Check via Etherscan just to confirm.

level 3

Thanks, I emptied my account so there was nothing for them to steal. Just worried about future income.

level 1

Good wake-up call for me. I always used to send ether on MEW using a Ledger Nano S. I guess I should just use the app to send ether next time.

level 1
Redditor for 6 months.
1 point · 4 months ago

85 Eth taken from one wallet. £80k ish in total about to be exchanged.

level 1
10161 karma | Karma CC: 9557
1 point · 4 months ago

I don't trust MetaMask, why is it being shilled as if it's the one and only solution?

level 1
Positive | 5 months old
1 point · 4 months ago · edited 4 months ago

That's why I use an older version of MEW, offline on my computer, downloaded directly from their github releases page: https://github.com/kvhnuke/etherwallet/releases

level 1
Investor
1 point · 4 months ago

The ETH has been removed from the hacker's wallet, looks like to an exchange.

level 1
8 months old | CC: 337 karma
1 point · 4 months ago · edited 4 months ago

What the hell man, is there a counter-discussion on Twitter or something; bot-like accounts saying it's fine? It's like the crypto equivalent of a coup.

level 1

I just checked mine and they are still there. I haven't entered my account in months. Should I just leave things as they are?

level 1
Redditor for 3 months.
1 point · 4 months ago

This just had to happen after breaking 9k resistance

level 1
Karma CC: 227
1 point · 4 months ago

Doesn't help m00ning, thankfully I use a ledger nano s and logged in over 24 hours ago.

level 1
Positive | 15191 karma | Karma CC: 1684
1 point · 4 months ago

If we have not used MEW in months but have some ERC20 tokens on it, are we ok?

level 1
Redditor for 6 months.
1 point · 4 months ago

Not even these wallets are safe man.

level 1

be safe
