MyEtherWallet DNS Got Hacked – Yes AGAIN!
A user on Reddit has warned all MyEtherWallet (MEW) users to stop using MEW immediately if they are using Google’s DNS (22.214.171.124/126.96.36.199). MyEtherWallet DNS Got Hacked or more accurately, Google’s DNS is failing.
Reddit user MickySocaci says that these two DNS servers are resolving the site’s domain to a server that is malfunctioning and could potentially steal your private keys.
In the thread, the Reddit user has also appended code that proves what he is claiming.
What is a DNS and How Does it Crash?
So MyEtherWallet DNS Got Hacked Again? How is that possible?
A DNS server is a computer server that contains the IP addresses and their hostnames. It is also a DNS’s job to convert or resolve a website’s IP address to its domain name. A DNS server crash is when When a server fails to resolves.
Google provides Domain Name Server (DNS) services to everyone who uses their in-house browser Google Chrome. And when it crashes, it essentially sends all the queries to a defunct server that searches the device’s cache for the IP and redirects or resolves to a completely unrelated site.
The internet is a place that is becoming synonymous with hacks and hijacks for all those who access restricted content. The malfunction of Google’s DNS service is not an isolated incident that is affecting the crypto market alone. It is a very common occurrence that happens to all websites that use Google as a way of redirecting traffic to their websites.
Google is the largest and most used search engine in the world. It deals with more than 150 billion queries per day. So when it’s DNS servers fail or malfunction, you can be quite sure a lot of internet companies and websites are being affected.
Similar crashes have lead to hijacking of financial institution databases, healthcare databases etc.
The warning issued on Reddit seems to be genuine. It has code proof as well. So it might just be a good idea for all users of MyEtherWallet to steer clear of the site and its use until Google gets the DNS servers up and running again.
EDITED 1:24am CST: the BGP hijack this morning was against AWS DNS not Google DNS.
BGP hijack this morning affected Amazon DNS. eNet (AS10297) of Columbus, OH announced the following more-specifics of Amazon routes from 11:05 to 13:03 UTC today:
— InternetIntelligence (@InternetIntel) April 24, 2018
WHAT TO DO IN THIS SITUATION
If you’ve used MEW in the last ~4 hours, accessing your account using the private key or keystore file or mnemonic phrase:
-Check your address on etherscan.io to see if you’ve been victimized by this hack yet.
-Transfer your funds off into a new wallet even if you haven’t been victimized yet. DO NOT GO TO THE SITE TO DO THIS. Run MEW offline referencing the KB article here: https://myetherwallet.github.io/knowledge-base/offline/running-myetherwallet-locally.html
If you have used MEW in the last ~4 hours, accessing your account using MetaMask or Ledger Nano S or Trezor:
-The only possible issue with hardware wallets is redirection of funds that were sent during the time of attack. There have been no reports of this yet.
-Your account itself, should be fine, since these options don’t expose your private key online when signing transactions or accessing your account. Avoid using the MEW website until successful triage has been confirmed.
If you have not used MEW in the last ~4 hours, accessing your account using the private key or keystore file:
-DO NOT GO TO THE MEW WEBSITE UNTIL THE ISSUE HAS BEEN CONFIRMED TO BE FIXED BY MEW TEAM. CURIOSITY WILL KILL YOU, CAT.
Other Online Safety Tips
- run a local (offline) copy of MEW platform. Use hardware wallets to store your cryptocurrencies. IGNORE any tweets, Reddit posts, or ANY messages which claim to be giving away or reimbursing ETH on behalf of MEW.
- Majority of those affected were using Amazon’s DNS servers. Affected users likely clicked the “ignore” button on the SSL warning that pops up when visiting a malicious site imitating MEW. MAKE SURE there is a green bar SSL certificate that says “MyEtherWallet Inc [US]”.
- To keep up this fight against this criminal phishing attack, we need our amazing community to support and educate each other – this is an ongoing battle that requires us all to stick together.
- Finally READ THIS … STUDY THIS!fa https://myetherwallet.github.io/knowledge-base/security/myetherwallet-protips-how-not-to-get-scammed-during-ico.html
Until Next Time…
Faith Sloan “QueenWiki”
Watch QueenWiki’s cryptocurrency and blockchain technology videos on our Youtube Channel at https://youtube.com/c/QueenWiki1 – LIKE, COMMENT, SHARE and SUBSCRIBE to the Channel! Thank you!
http://facebook.com/queenwikiOfficial – Get Updates and Please Like the page
http://facebook.com/groups/cryptocurrencyeducation JOIN for FREE Cryptocurrency Education
http://twitter.com/faithsloan FOLLOW ME to get ALL of my social media posts and blog posts