Hackers steal ethereums from cryptocurrency wallet service

April 26, 2018 12:49
About 215 ethereums worth roughly US$152,000 were stolen in the MyEtherWallet hack. Photo: MyEtherWallet, Reuters

Cryptocurrency wallet service provider MyEtherWallet (MEW) issued a warning on Twitter that a couple of its DNS (Domain Name System) servers have been hacked and users risk being redirected to a phishing site.

Data from Chainalysis shows that Tuesday's hack resulted in a loss of about 215 ethereums worth roughly US$152,000.

Users of the popular online ethereum storage solution reported that when connecting to the wallet service, they were faced with an unsigned SSL (Secure Sockets Layer) certificate, which broke the site’s identity verification and triggered a browser warning.

If they clicked through this certificate warning, they were redirected to a server in Russia controlled by the hackers, who proceeded to empty the user’s wallet.

Hackers appear to have snatched the cryptocurrencies in the two hours before the attack was shut down, tech website The Verge reports.

In an official statement posted on Reddit, the company confirmed the attack, noting that the redirecting of DNS servers is a decade-old hacking technique that aims to undermine the internet’s routing system.

The attackers appear to have targeted the infrastructure of the internet rather than compromising the MyEtherWallet platform itself, it said.

“[The hack] is due to hackers finding vulnerabilities in public-facing DNS servers,” the company said. “We advise users to run a local [offline] copy of the MyEtherWallet.”

It said in a later tweet that Amazon's DNS servers appeared to have been hijacked in a malicious attack, which in turn affected MyEtherWallet.

But an Amazon Web Services representative stressed that the service's own DNS system had never been compromised.

“Neither AWS nor Amazon Route 53 were hacked or compromised,” the statement said, adding that the problem originated from an internet service provider making fraudulent traffic announcements.

The Verge notes that the hackers used a technique known as BGP (Border Gateway Protocol) hijacking, which spreads bad routing information as a way of intercepting traffic in transit. BGP hijacking has long been known as a fundamental weakness in the internet, which was designed to accept routing without verification.
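As an added illustration of the origin check that BGP does not perform on its own (example code written for this page, not anything from MyEtherWallet, AWS or The Verge), the following Python applies RPKI-style route origin validation to a set of constructed announcements; the prefixes, AS numbers and the ROA record are invented for the demonstration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Roa:
    """Route Origin Authorization: which AS may originate a prefix, and how specific it may be."""
    prefix: str
    origin_as: int
    max_length: int


@dataclass(frozen=True)
class Announcement:
    """A BGP announcement as seen from a route collector: prefix, origin AS and the peer that sent it."""
    prefix: str
    origin_as: int
    source: str


# Constructed ROA: AS 64500 may originate 198.51.100.0/23 and sub-prefixes down to /24.
ROAS = [Roa("198.51.100.0/23", 64500, 24)]


def validate(ann: Announcement, roas: list[Roa]) -> str:
    """Return 'valid', 'invalid' or 'not-found' following the usual RPKI origin validation rules."""
    net = ipaddress.ip_network(ann.prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True  # at least one ROA speaks for this address space
        if roa.origin_as == ann.origin_as and net.prefixlen <= roa.max_length:
            return "valid"
    # A covering ROA exists but none authorises this origin/length: a hijack pattern.
    return "invalid" if covered else "not-found"


def flag_suspicious(anns: list[Announcement], roas: list[Roa]) -> list[tuple[Announcement, str]]:
    """List every announcement that is not 'valid', for alerting or for dropping at the router."""
    return [(a, validate(a, roas)) for a in anns if validate(a, roas) != "valid"]


# Constructed feed: a legitimate /23, a legitimate /24, a more-specific /24 from the wrong AS
# (a more-specific prefix wins longest-prefix matching, so traffic would follow it), an over-long
# /25 from the right AS, and a prefix no ROA covers.
FEED = [
    Announcement("198.51.100.0/23", 64500, "peer-a"),
    Announcement("198.51.100.0/24", 64500, "peer-a"),
    Announcement("198.51.100.0/24", 64511, "peer-b"),
    Announcement("198.51.100.0/25", 64500, "peer-c"),
    Announcement("192.0.2.0/24", 64496, "peer-a"),
]
```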

In an interview with Forbes, James Slaby, senior product marketing manager at Acronis, a Swiss data protection provider, said: “Old-school phishing scams, like the one that occurred with MyEtherWallet, and confidence tricks still work: unwary users have been duped into giving up passwords that protect their online wallets, or exposing their private cryptographic keys, which is like giving away both your ATM card and PIN.”

He believes the weakness is not in the cryptocurrency, “but in everything around it: the services and systems used to create and store it, the employees who operate that technology, and the customers”.

This article appeared in the Hong Kong Economic Journal on April 26

Translation by Ben Ng with additional reporting
