Reddit Feeds

Sign up and stay connected to your favorite communities.

sign uplog in
Posted byRedditor for 8 months.28 days ago

MyEtherWallet has been hacked/breached

MEW has just made more official statement. and thus can find that this current situation is "fixed." But please ! do make caution at all times.

If you want to learn more about the technical side of this, click here

Google Domain Name System registration servers were hijacked earlier today at roughly 12PM UTC so that MEW users were redirected to a phishing site. This redirecting of DNS servers is a decade-old hacking technique that aims to undermine the Internet’s routing system.

This can happen to any org & is not due to a lack of security on the MEW platform, but due to criminal hackers finding vulnerabilities in public-facing DNS servers. Your security & privacy is ALWAYS priority. We do not store any of your personal details, including keys.

Majority of those affected were using Google DNS servers. Affected users likely clicked the "ignore" button on the SSL warning that pops up when visiting a malicious site imitating MEW. MAKE SURE there is a green bar SSL certificate that says “MyEtherWallet Inc [US]”

Some advice for our users: run a local (offline) copy of MEW platform. Use hardware wallets to store your cryptocurrencies. IGNORE any tweets, Reddit posts, or ANY messages which claim to be giving away or reimbursing ETH on behalf of MEW.

To keep up this fight against this criminal phishing attack, we need our amazing community to support and educate each other - this is an ongoing battle that requires us all to stick together.

They have also said that everything is fine

It seems that everything is now back to normal, BUT PLEASE STAY SAFE and read/share this guide:

Original Post:

Official Statement from MEW:

Couple of DNS servers were hijacked to resolve users to be redirected to a phishing site. This is not on @myetherwallet side, we are in the process of verifying which servers to get it resolved asap.

Answering some common questions. Hardware Wallets should be fine. Use caution for now and DO NOT LOGIN. Please read the comment here, which is very helpful

There is a couple reports on the MEW sub regarding this:

MyEtherWallet has been hacked, it looks like a security SSL mismatch which is redirecting you to a different domain.

Right now it appears that people are being affected via LOGIN only. Do not login, and only view your balances via Etherscan or another explorer. If you need to send and move your funds, use another wallet, like Metamask, for now, or use MEW offline..

This post will be updated if more developments are found.

Edit: A comment on the MEW sub says that it's an issue with Google DNS. Personally I did not receive a cert warning. I would still wait for announcement. The hacker's address is still getting ETH.

Edit: here are some more information from r/EthTrader. It provides more links if you want to look into greater detail.

Edit: Thank you everyone for the clarification. It's a spoof of OpenDNS and not MEW. But the above info still does apply. I will await a further update from MEW, currently they only say they are working on it. It's been updated, check the top!

91% Upvoted
What are your thoughts? Log in or Sign uplog insign up
168 points·28 days ago·edited 28 days ago


If you've used MEW in the last ~4 hours using the private key or keystore file or mnemonic phrase methods:

-Check your address on to see if you've been victimized by this hack yet.

-Transfer your funds off into a new wallet even if you haven't been victimized yet. DO NOT GO TO THE SITE TO DO THIS. Run MEW offline referencing the KB article here:

If you have used MEW in the last ~4 hours using MetaMask or Ledger Nano S or Trezor methods:

-The only possible issue with hardware wallets is redirection of funds that were sent during the time of attack. There have been no reports of this yet.

-You account itself, should be fine since these methods don't expose your private key online when signing transactions or accessing your account. Avoid using the MEW website until successful triage has been confirmed.

If you have not used MEW in the last ~4 hours using the private key or keystore file methods:


Redditor for 11 months.5 points·28 days ago

what is the real mew's ip? can't you just connect using it instead of url?

FYI its also technically possible to inject bogus routes into the internet routing protocols to redirect traffic, so even if you use IP address alone you still could end up being routed to a rogue server. Best to rely on SSL certificate verification at least but really also best to use a hardware wallet at the same time.

1 more reply

IOTA fan3 points·27 days ago

what if i used it via the offline MEW wallet am safe right ?

Yep, you're fine. This only affected online users.

Redditor for 4 months.2 points·28 days ago

Sorry if this is a dumb question, but I'm just learning. Is this an instance where a VPN could save you?


Monero fan2 points·28 days ago

Yes. Unless the VPN use google's DNS, which good VPN won't due to privacy issues.

Never ignore SSL warnings, always check that you're using https.

1 more reply

5 more replies

Altcoiner1 point·28 days ago

Thanks for the info!

2 - 3 years account age. 150 - 300 comment karma.1 point·28 days ago

i used it 24 hours ago , what time was the breach ?

1 point·28 days ago·edited 28 days ago

The last 5 hours. Waiting on confirmation from MEW about resolution

Would metamask be a better way to check/move your coins?

Use a block explorer to check your addresses. Metamask or hardware wallet to interact with your funds.

Redditor for 4 months.1 point·28 days ago

What if we use the built in web browser plug in? Any concerns?

2 points·28 days ago·edited 28 days ago

Unrelated to current attack. Should be fine. No reports yet of this being affected.

1 more reply

Is the green certificate thing at the left side of the address an indicator that this is alright, or is that completely unrelated?
I have always trusted that in the past.

Redditor for 6 months.4 points·28 days ago

apparently those that have lost funds decided to ignore the SSL certificate warning.

So, it was not "verified by X"? Or that does not matter at all?

1 more reply

3 - 4 years account age. 50 - 100 comment karma.2 points·28 days ago

yeah I would like to know this as well and if metamask green shield would have prevented this or if it would have shown green even still

1 more reply

3 - 4 years account age. 400 - 1000 comment karma.1 point·28 days ago

Anyone know if it's possible to send erc20 offline? Seems like you would only be able to send eth

Yes it's possible. You do it by the exact same way. There is a tab you click on to change from eth to the token of your liking.

2 more replies

5 more replies

Ethereum fan231 points·28 days ago·edited 28 days ago

it's a google and amazon DNS problem, not specific to MEW. MEW didnt get hacked. just check the SSL certificate

also, since this is top, best to avoid MEW if possible for a while until the all clear

Altcoiner24 points·28 days ago

If you use a ledger to access MEW are you ok?

Ethereum fan22 points·28 days ago


Phew. Love my nano s

Monero fan6 points·28 days ago

I love your nano s too!

Redditor for 2 months.7 points·28 days ago

I love you both

1 more reply

Ethereum fan8 points·28 days ago

As long as you check what you're confirming on the device - yes.

Altcoiner4 points·28 days ago

Thanks, I didn't send anything just logged on to see if my ETH was still there.

Haha, just for safetey purposes you don't have to login for that, just keep a copy of your Public key & track it on or for token balances.

you should be fine

Moon2 points·28 days ago

I sent some tokens not too long ago (2 hrs?) And they reached their destination just fine. This is using a ledger nano s

Programmer6 points·28 days ago

Google's DNS actually had nothing to do with it. Amazon's DNS servers were hijacked which impacted anyone who peers with Hurricane Electric. Google's DNS servers are widely used, and they peer with Hurricane Electric, so they were impacted by the BGP hijacking that was targeted at Amazon's DNS servers.

1 - 2 year account age. 35 - 100 comment karma.3 points·28 days ago

More specifically, the issue was caused by a third party ISP who experienced a BGP leak, causing to go to a malicious dns server, which returned the ip address to the fake mew site.

23 more replies

Student24 points·28 days ago

DNS goes to some russian IP, be careful

can confirm

37 more replies

And this is one of the major things holding crypto back, how would you feel to wake up every day and have to check your account hoping it hasn't been hacked and it's just a sitting duck. There really needs to be a lot more security with these things that is simple to use before it will really take off.

Gentleman20 points·28 days ago


On the bright side, that tells me we are all still in this very early.

Max Power14 points·28 days ago

either that or the amazing tech is actually shit

1 more reply

This has absolutely nothing to do with crypto and could have been done to any site including a bank.

As the thread post says, this is a decades old attack and a 101 attack.

Interesting nobody is criticizing Google for fail security, it was their freakin DNS servers.

Moon24 points·28 days ago

Or just use a hardware wallet?

Maybe a solution for you and me but what about Joe from down the road that has heard of this bitcoin thing, he hears about one of the biggest "wallets" being hacked again and gets nervous and just FUDs. This happens CONSTANTLY at work when people ask me about Crypto.

Invisible Flair. Just delete text.2 points·28 days ago

Well coinbase is insured up to $250,000. But if you’re talking about alts, then yea there is nothing guaranteed.

1 - 2 years account age. 200 - 1000 comment karma.3 points·28 days ago

Coinbase is FDIC insured for its US users with US dollars in Coinbase's pass through bank accounts. If you are not a US citizen, or if it is not the USD that is taken then the insurance does not kick in. ------edit------- I should add that Coinbase may have additional insurance. But the above is what the FDIC covers

3 more replies

1 more reply

Altcoiner-2 points·28 days ago

joe should read up on what he's investing in then.

I think the point they were trying to make is that if someone needs to do so much research and learning to not lose their money, it will prevent this from going mainstream anytime soon. In it's current state, none of this stuff could realistically be used as a legitimate widely adopted currency.

5 - 6 years account age. 150 - 300 comment karma.2 points·28 days ago

That's the price we pay for being early adopters. Hopefully, the reward ends up being worth the risk, but there is no guarantee that it will be. Personally, I have been victim to a few scams/fuck-ups, but I've diversified across enough coins and exchanges that it hasn't affected me more than just being an annoyance. Unfortunately, some people haven't been as lucky; they've lost their whole portfolio due to not spreading out their risk and not being extremely security conscious. We are still in the phase where small oversights have huge consequences. This space needs way more consumer protection before widespread adoption will occur. In the mean time, we must remain vigilant for the sake of our investments and for the sake of our community. In the future, I hope that karma rewards our stewardship.

1 more reply

1 more reply

Yeah people need to realize the risks of investing in cryptocurrency. Equifax gets hacked and months later, people don't really seem to mine even though it has the potential to hit them fairly hard.

I understand security is important but so is understanding the risks especially when you are an "early" adopter.

Gentleman2 points·28 days ago

But the way the system is built, the Equifax hack's damage can be largely undone if anyone suffers loss. Transactions can be reversed and credit histories cleared. It might be a pain in the ass to go through, but nothing like having a substantial crypto wallet hacked without recourse.

What about when Joe hears a news report about some identity theft or credit card fraud ring that got busted? Is he going to FUD because he has a credit card?

Gentleman6 points·28 days ago

Nope, because credit card companies guarantee that their customers are not liable in the event of identity theft or fraud. So Joe can sleep comfortably at night knowing that Visa and Mastercard take the hit if they allow fraudulent charges.

1 more reply

Investor2 points·28 days ago

Or a paper wallet? Or encrypted pen drive wallet?

Stinky2 points·28 days ago

lol this hardware wallet is like a cult

1 more reply

You say bullshit, i hear bullish2 points·28 days ago

Yeah you know everyone doesn't have $100 to buy a ledger right? 1% crypto holders are really hilarious when they think crypto has anything to do with them.

Use paper wallets please. They're free hardware wallets meant for all. For the argument you'll lose the key, wherever you'll store the hardware wallets seed, store that there. Don't have a printer? Make a wallet on coinomi, store the phrase in the same place, delete coinomi if you don't trust it, and there, another essentially hardware wallet you can acess with the seed phrase anywhere anytime. There, solved the whole problem for everyone. Cheers

Ton of disinformation here.

A PAPER WALLET IS NOT THE SAME THING AS A HARDWARE WALLET. A hardware wallet is a secure platform that allows you to access your account and make trades off of it.

A paper wallet is a wallet on paper, that's it. If you want to transfer funds, you need to expose your private key (even on an offline device) to make that happen.

A hardware wallet is a million times safer than a paper wallet in a live environment.

Gentleman1 point·28 days ago

Out of curiosity, what happens if the hardware fails on a hardware wallet? Serious question.

1 - 2 year account age. -15 - 35 comment karma.3 points·28 days ago

You can restore your keys to another hardware wallet using a backup phrase

3 more replies

They each have unique recovery keys that will recreate the private key on a new device! It's a fairly old and well understood crypto trick that works very well. As long as you store the recovery keys somewhere safe too (like in a safety deposit box) you're protected from hardware device failure.

When you set up your hardware wallet, it will give you a word phrase. I have a ledger, and the phrase is 24 words long. If your hardware wallet fails, you can either buy another ledger and restore your account using the phrase, or you can use a software based bip39 recovery to pull your private keys.

1 more reply

1 more reply

Altcoiner2 points·28 days ago

Yup. If you have enough to worry about losing it, $50-$100 for a hardware wallet is an obvious investment.

Moon3 points·28 days ago·edited 28 days ago

Now we just need one that can accept all the alt coins, and can be used at merchants quickly. I'm not sure how that would be hardwired or designed, maybe flash updated, but most normal people won't just roll with losing even $50 in crypto, every time a hacker hacks, so web and phone wallets are not gonna cut it adoption-wise, even for small amounts. If I lost $50 physical fiat from my physical wallet every time a hacker hacked, I'd stop carrying more than $5. A lot of Crypto-kiddies can't see the Crypto-status quo Wild West Web Log In-ner Beware as unacceptable.

are ledger users okay in this hack?

The entire point of ledger is not having to care if the computer or site you use is compromised. You verify the address and transaction from the ledger.

ok dope

11 more replies

Redditor for 5 months.10 points·28 days ago

Yet it's the price we pay for cryptos. How could you implement the safety and insurance mechanics of traditional fiat without a bank and a governing organization? But if you have those authorities, it's crypto no more. Like Xrp. Just sayin'.

Monero fan3 points·28 days ago

It's almost like the solution is worse than the problem.

NEO fan2 points·28 days ago

In this situation, no wallet has been hacked in the way that you’re desbribing. This was just a phishing attempt.

This same thing happens all the time with traditional banking methods too. This is nothing new.

9 more replies

This is the one scenario I came up with where something like MEW could be compromised - redirection to another page via compromised DNS. That’s why I started using offline transactions. It’s an ugly extra step, but this would have never affected me since I started doing it. Another great way to ensure safety is to login through Metamask. Be careful out there!

4 more replies

TraderModerator of r/CryptoCurrency, speaking officially12 points·28 days ago·edited 28 days ago

It appears approx. 524 ETH were taken and then moved into what I can only assume is an exchange hot wallet address (which contains 25k+ ETH).

This is the address it all went into finally ( before being moved to what I would assume is the hot wallet address:

If you see anything incorrect in here, please let me know.

Please note that this was not an actual hack of My Ether Wallet.

Per comment below: It actually had nothing to do with Google's DNS. Traffic to Amazon's DNS servers was redirected by BPG hijacking, but the route announcements were only sent to people who peer with Hurricane Electric. Lots of DNS servers were impacted, but Google's DNS is widely used so that's the one that was most reported. Saying it was Google's DNS servers that were hijacked though is totally incorrect, it was Amazon's DNS servers.

MEW was warned in January that this was happening and they spent their energy calling all the security experts "liars."

Now it's April and they've done absolutely nothing to protect against this.

Hell yeah it's their fault.

Can't wait for their next "to his could've happened to anyone" bullshit Reddit post.

Shitty humans being shitty. Again.

Redditor for 4 months.5 points·28 days ago

In fairness they were responding to posts claiming they weren't safe to use and that "their" DNS had been hacked. That was, in fact, a lie. But the attack could be done against any site without MEW being able to do much about it - unless you can educate me as to what MEW could have done?

If somebody hacks your DNS. He can literally compromise any website. It's not fair to attribute this to MEW which is just an interface that you can also download and run off your computer.

It's 900 not 999

Trader1 point·28 days ago

Thanks. Edited.

5 more replies

Programmer22 points·28 days ago·edited 28 days ago

215 Ether on its way out of the phishing wallet now. Damn, that guy/girl/people made out like a bandit.

Redditor for 5 months.7 points·28 days ago

That is absolutely fucking disgusting. Cunts like him/her make me sick.

Programmer14 points·28 days ago

well to make it worse, it looks like it's being sent to a wallet (maybe the scammers main wallet?) worth $16m

Redditor for 5 months.3 points·28 days ago

By the looks of the comments this isn't the first time he's phished websites.

Redditor for 6 months.3 points·28 days ago

Over $17m now

It's an exchange.

Programmer6 points·28 days ago

How can you tell? Do you know which one?

Ethereum fan1 point·28 days ago

muh money = exchange, duh! /s

1 more reply

2 more replies

Redditor for 9 months.1 point·28 days ago

And how he will transfer this crypto to fiat? Everyone know thats his main adress?

2 - 3 years account age. 75 - 150 comment karma.15 points·28 days ago

Very easily with decentralized exchanges and privacy coins like Monero.

The Bitshares dex still requires verification for fiat withdrawals.

2 more replies

Convert to privacy coin and send to a wallet then convert back and cash out?

Redditor for 5 months.9 points·28 days ago


Investor3 points·28 days ago

VPN - > shapeshift - > monero

2 more replies

Redditor for 9 months.1 point·28 days ago

Looks like s/he's trying to send it out, but can't keep up.

2 more replies

Redditor for 8 months.1 point·28 days ago

$140,000 is going to set him up for life?

I’d rather not be worried about getting caught somehow.

Not enough money for me to do something like that

Gentleman4 points·28 days ago

No real risk of getting caught. Maybe a casual non-tech person's transactions can be traced back to their identity if some government agency is willing to spend millions of dollars to do so (like in the Silk Road investigation), but a hacker will be able to cover their tracks easily.

Redditor for 8 months.1 point·28 days ago

Yes but there’s always the “what if”.

He’s gotta be a bit concerned. I doubt sleeping like a baby.

1 more reply

3 more replies

1 more reply

1 more reply

Gentleman37 points·28 days ago

One of the reasons why I shake my head when people say "Crypto is way more secure than traditional banking."

Yes, phishing and hacking can happen in traditional banking, but your funds are insured against loss due to theft or fraud. In crypto, your money is gone forever with no recourse.

Redditor for 6 months.3 points·28 days ago

Actually i think some exchanges insured your founds

7 more replies

22 more replies

Redditor for 2 months.46 points·28 days ago

For fucks sake, can't somebody build a decentralized dynamic domain name service (DDDNS) already?!

Miner20 points·28 days ago


2 more replies

Redditor for 9 months.6 points·28 days ago

Wouldn't stop BGP highjacking.

You say bullshit, i hear bullish5 points·28 days ago

Only if you could decentralise malice.

What coin is DDNS? Where is it traded at?

6 more replies

You're all Idiots7 points·28 days ago

could this be related at all to binance also having issues earlier? didnt CZ say it was an amazon DNS issue or google etc...? could he have attempted binance?

Redditor for 6 months.3 points·28 days ago

I was wondering the same myself.

If I just logged in and sent transactions via my ledger, am I safe?

4 - 5 years account age. 500 - 1000 comment karma.8 points·28 days ago

You are safe, the keys are not exposed this way.

double check the address you think you sent to received the funds but otherwise should be safe. MEW never sees your private keys with a hardware wallet, it simply receives the signed transaction that is done on the hardware itself

bump is there an answer to this?

Redditor for 8 months.25 points·28 days ago

Pls sir mi famil

BUYHIGHSELLLOW16 points·28 days ago·edited 28 days ago

SSL redirect is not a hack, it's a big boy phish. This happens literally all the time to every major wallet, exchange, etc.

Programmer2 points·28 days ago

Except it was BGP hijacking.

I love how you got downvoted. Pretty much sums up this subreddit. It was BGP hijacking.

Programmer2 points·27 days ago

Yeah, I don't even think a "SSL redirect" attack is a thing?

Nope, I just think they're throwing around buzzwords without bothering to learn what it actually means.

Redditor for 5 months.5 points·28 days ago

This just confirms my general fears about the level of trust placed on various software wallet solutions - not the fact that they can be hacked - anything can be hacked - but that's there's fuck all recourse if you fall victim.

Bang, your money is gone and there's sweet FA you can ever do about it.

Another aspect completely unrelated to security and wallets, is sending the wrong coins to the wrong address - to me, that's even more of a problem for adoption. If you send FIAT to the wrong account, so long as you react in time, it can be undone - your bank can reverse the mistake. With cryptocurrency, your chances of recovering from an incorrect transaction are low.

Recently, I used MEW to send to binance, but in a mixup, I sent an ERC20 token not supported yet. It took me 30 days and cost me $200 to fix that fuckup. I was just lucky it was binance.

4 more replies

Dude these kind of attacks have been going on for a while which is why MEW has disclaimers and warnings about it. I've been using MEW just fine(from encrypted keystore) but I don't use Google DNS(so they might be right about that)

Redditor for 5 months.4 points·28 days ago

Can someone explain more what google DNS is doing? I kinda use it to get on piratebay etc, how safe is the google DNS to log into Binance etc?

Let me try to explain it in a simple way. At a network like world wide web, all servers have IP adresses. It's like your house adress but it is in numbers such as You can request to access information held in a server by entering these IP adresses to your browser adress bar, and your browser will take you to that adress like a taxi taking you home.

Now think about all the adresses you want to go, how can you memorize all these adresses with seemingly random numbers? Well practically you can't. That is why many many years ago, something called domain name service started. What is happening is instead of you typing all these different IPs you can't remember to your browser, you type a name like "" that you can easily remember and your browser asks a trusted database what that name actually stands for as an IP adress. These name - IP pairings are done when you buy a domain name from domain name suppliers and once you pay for it, the name - IP pairings are distributed to databases that are called DNS servers to which your browser asks for IPs. Google is one of these DNS suppliers that you can use and from what I understand today's hack is related to google's DNS database being compromised. So people writing "" to their browsers were directed to a different IP adress than they should have been, if they were using google DNS.

Now how can you protect yourself? There is something called SSL certificate, which is basically a certifying body that gives domain names a private key to embed in their server which will be checked with a public key held in certifying body's servers every time someone goes to that domain name. If a hacker redirects the domain name to a different IP by hijacking the dns server, but does not know this private key (which is what happened here) the browser will say that the certificate failed. This means it is very possible that the domain name was compromised. You just have to pay attention to your browser certificate notifications and double check the domain name you see on the adress bar.

Redditor for 6 months.5 points·28 days ago

And this is exactly what we need in crypto as well. Not sending to 0x3291238nfasoiiw129x and send it to John_Nash instead.

4 points·28 days ago

Is that not what ENS is?

5 - 6 years account age. 600 - 1000 comment karma.1 point·28 days ago

Wouldn't people be able to redirect wallets then though? Genuinely curious.

It would indeed create a new attack vector but would add an easy access method. This is an interesting idea for doing in a decentralised way though!

True its a great idea, but yet again another slew of potential attack vectors there too. If people are still using MEW and clicking on buttons when browser SSL Cert warnings are going off and despite the total overkill of warnings on MEW about exactly this potential attack a solution is never going to work when you have to account for people still having to make informed choices.

There is (AFAIK) no solution for secure decentralized access to a blockchain unless you are at least running (and maintaining) your own node, there will always be some intermediary pointing you somewhere and therefore a potential MITM at some protocol level (from SSL/TLS, HTTP, DNS, IP and down into the WIFI protocols.) So add another layer of abstraction that still requires humans to make decisions only shifts the attack up/down the layers.

You could even be running your own Ethereum node and yet it too could be compromised because you unknowingly downloaded it from a rogue server... so then that node when used for "secure" decentralized DNS could be pointing you to a MEW phishing site; the attack vectors are numerous until the entire ecosystem changes.

Redditor for 6 months.1 point·28 days ago

Probably not, it is the same now, why wont they redirect from 0x...7f to 0x...8f? If your wallet has a name on the blockchain i dont see a way to redirect that other than malwares on the user pc.

2 more replies

Google DNS is a free public option that may be faster than your ISP's DNS server. DNS is how you can type in "" and get to the right webpage that really is identified by an ip address 123.456.789.0. If you haven't setup google dns in your internet setting you are just using your ISP by default...

Redditor for 5 months.1 point·28 days ago

I pretty sure my providers ISP is faster, but that's not the reason i'm using it. I'm using the google DNS cause my provider blocked some sites i visit to often, so my question was if it is safe using google DNS to login into Binance etc..

Redditor for 5 months.1 point·28 days ago

Also I noticed when i'm using Binancen, reddit or CMC my google DNS isn't working properly after some time cause i'm getting blocked again on the other sites. gotta reload my browser to get it working again, what's the problem with that?

Google might be trying to work on a fix, at least I hope they aware...

What other methods can we use to interface with hardware wallet instead of using MEW site?

And this is why you should use the OFFLINE version of MEW.

5 more replies

Hypothetically speaking, would my ETH be at risk if I used a version of MyEtherWallet downloaded locally months ago to sign a transaction offline, and then pasted that into the phising site?

No, since they do not get access to your private key. The signature that they get is useless, since it only can execute a specific one-way transaction that you have requested.

1 more reply

This is what happened to EtherDelta back in is it so commen for DNS's to be hijacked and redirect to another website?

Why does this not happen as often with non-crypto based sites?

Redditor for 8 months.Original Poster2 points·28 days ago

I'm sure it happens, but with crypto sites, you have access to a lot of people's money anonymously. Try DNS spoofing a regular ecommerce site and you may get the credit card info, but those owners can report fraud and get chargebacks. Not in crypto

2 more replies

Redditor for 6 months.3 points·28 days ago

"Affected users likely clicked the "ignore" button on the SSL warning"... seriously dudes.

Hell man in Chrome you have to jump through hoops to get through to a site that has a certificate problem it defaults to 'take me back to safety'.

Redditor for 6 months.10 points·28 days ago

Fuck wallets ! Viva Binance balance account !!

Invisible Flair. Just delete text.21 points·28 days ago·edited 28 days ago

Not sure if this is serious, but I’m getting more comfortable holding on Binance now. Better than downloading a bunch of wallets from random coins. And the last few exchange hacks, the exchanges have paid everyone back. I think the businesses are getting more legit. They’re on a different level than mtgox was.

In other words, I trust binance as a company more than the people who make the wallet for some shitcoin.

For the big currencies you should use hardware wallet.

Redditor for 6 months.11 points·28 days ago

I was damn serious. Never moved from there. Feel comfy .

Binance is really the only exchange I trust. But don't fool yourself thinking it is 100% safe. Fake website addresses, Bínance, for instance, could steal your login/pass because that i is a í. It will make you think you are logging into a different website. 2FA helps in this instance, but not everyone has 2FA.

Like you said, if you are serious about crypto, get a hardware wallet for the currencies it can support, and have an offline only computer/paper wallet for those that it doesn't.

I am not trying to jump your ass, I just don't want people to see your comment and think that Binance is 100% safe.

1 more reply

Gentleman1 point·28 days ago

It would be one thing if there were a one-stop wallet hardware solution. But the existing hardware wallets only work with some coins, not others. So the end result is that people who might hold a couple dozen coins have to have 7-8 wallets to manage.

2 more replies

Ethereum fan2 points·28 days ago

The same thing could happen to Binance :D Although if you have 2FA there, you would be fine.

| Kyber Network 🔥2 points·28 days ago

This has to be sarcasm right? You want to leave your funds in control of a third party custodian? This is like the opposite of the basic ideas of cryptocurrency. Doing this has ended badly many more times than a wallet has been hacked (MEW wasn't hacked). Here's some sources:




2 more replies

I know right, its funny cause i was considering using MEW today to get my OMG off binance for airdrop, but told myself i'll wait till more info is out, glad i did!

1 more reply

u/kvhnuke have any updates or confirmations?

Redditor for 5 months.2 points·28 days ago

how about the metamask(that sleepy Wolfie), is it affected?

Redditor for 8 months.Original Poster3 points·28 days ago

There are no current reports of Metamask being affected, that would be related to this MEW event

Redditor for 4 months.2 points·28 days ago

If you're using any kind of hot wallet you have to pay attention to every detail. The lure of easy money is too strong for hackers to avoid. People still falling for phishing scams on email but the crypto payout is so much better!

Question on the guide. How does one connect to the blockchain on an offline computer? Instructions do not make any sense in that respect.

I haven’t used MEW in months since securing my coins in a ledger. Are all my coins stolen?

2 more replies

Upvoting for visibility.

Redditor for 11 months.4 points·28 days ago


Ethereum fan1 point·28 days ago

Wtf! Was MyCrypto hacked too?

I just used MyCrypto to access my wallet. was not compromised. I am the one tweeting from @MyCrypto.

However it's always best to use a hardware wallet or run MyCrypto/MEW locally.

Probably not. I wouldn't be surprised if the MyCrypto team is behind this. Look what they did earlier this year, the terrorist hijacking tactics they took on MEW.
Fuck MyCrypto. You don't get to be successful by starting as a shady scammer/thief. Horrible. The self servicing justification and reasoning was even worse! Feels like this could TOTALLY be attributed to Taylor and the MyCrypto team. I mean, if they were so devious as to hijack the Twitter account and try to subversively get customers to switch.... I see ZERO REASON for them to be honest and legit. They are making a competing product and anything they can do to slander the MEW name will not be put past these deviants.

You’re kidding right?

Nope. Did you remember when this all went down a few months ago? Shady as fuck. Super Shady.

I will never do business with MyCrypto.... that is dishonorable what they did.

Redditor for 5 months.6 points·28 days ago

In fairness there's a big jump between hijacking a Twitter account to promote your new website and stealing $150k (and growing) off of random people.

2 more replies

1 point·28 days ago·edited 28 days ago

I'm a bot, bleep, bloop. Someone has linked to this thread from another place on reddit:

 If you follow any of the above links, please respect the rules of reddit and don't vote in the other threads. (Info / ^Contact)

1 more reply

1 - 2 year account age. 100 - 200 comment karma.1 point·28 days ago

This doesn't affect people who use the Ledger device, right?

Redditor for 8 months.Original Poster2 points·28 days ago

Correct. Anyone who has not logged into MEW is safe.

1 - 2 year account age. 100 - 200 comment karma.1 point·28 days ago

But if I have logged into MEW with the Ledger? I mean the keys are stored on the Ledger device.

4 more replies

1 more reply

Student1 point·28 days ago

Does it even affect you if you have the site bookmarked?


Moon1 point·28 days ago

since when MEW has login?

1 - 2 years account age. 200 - 1000 comment karma.1 point·28 days ago

Are you affected if you have an offline Myetherwallet?

Whale1 point·28 days ago


Still safe with a ledger?

Redditor for 8 months.Original Poster1 point·28 days ago


Damn, I logged in 13 hours ago, should I be worried?

Redditor for 8 months.Original Poster1 point·28 days ago

It appears that this problem happened within the last 4 hours. You should be safe. Check via Etherscan just to confirm.

Thanks, I emptied my account so there was nothing for them to steal. Just worried about future income.

good wake up call for me. I always used to send ether on MEW using ledger nano S. I guess I should just use the app to send ether next time

Redditor for 3 months.1 point·28 days ago

85 Eth taken from one wallet. £80k ish in total about to be exchanged.

I don't trust MetaMask, why is it being shilled as if it's the one and only solution?

Ethereum fan1 point·28 days ago·edited 28 days ago

That's why I use an older version of MEW, offline on my computer, downloaded directly from their github releases page:

Investor1 point·28 days ago

The eth has been removed from hackers wallet looks like to an exchange.

Redditor for 6 months.1 point·28 days ago·edited 28 days ago

What the hell man, is there a counter-discussion on twitter or something; bot-like accounts saying its fine? Its like crypto equivalent of a coup

I just checked mine and they are still there. I havent entered my account in months. Should I just leave things as they are?

Redditor for 2 months.1 point·28 days ago

This just had to happen after breaking 9k resistance

8 - 9 years account age. 450 - 900 comment karma.1 point·28 days ago

Doesn't help m00ning, thankfully I use a ledger nano s and logged in over 24 hours ago.

NEO fan1 point·28 days ago

If we have not used MEW in months but have some ERC20 tokens on it, are we ok?

1 more reply

Redditor for 6 months.1 point·28 days ago

Not even these wallets are safe man.

be safe

115 more replies

Community Details





The official source for CryptoCurrency News, Discussion & Analysis.

Create Post

r/CryptoCurrency Rules

Maintain Decorum
No Spam
No Manipulation
Do Not Incite Illegal Activities or Beg
No Low-Quality Content
Do Not Reveal Personal Information
Do Not Steal Content
Keep Discussions on Topic
Use Suitable Titles and Correct Flairs
Communicate With the Mod Team
Cookies help us deliver our Services. By using our Services or clicking I agree, you agree to our use of cookies. Learn More.