Quadriga Initiative Logo.png

QUADRIGA INITIATIVE

CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM

A COMMUNITY-BASED, NOT-FOR-PROFIT

$361 000 USD

APRIL 2018

GLOBAL

MYETHERWALLET

DESCRIPTION OF EVENTS

"MEW (MyEtherWallet) is a free, client-side interface helping you interact with the Ethereum blockchain. Our easy-to-use, open-source platform allows you to generate wallets, interact with smart contracts, and so much more."

 

"Taylor Manahan and Kosala Hemachandra founded MEW (MyEtherWallet) back in 2015, not long after Ethereum was created."

 

"On April 24, 2018 the popular Ethereum wallet MyEtherWallet suffered a phishing attack on its Google Public DNS."

 

"According to the multitude of Reddit posts, the faulty IP address and name server are Russian in origin. Users also tracked the filched funds back to two wallet addresses, one of which the MyEtherWallet team has labelled as Fake_Phishing899 in response to the attack. At press time, funds have been moved from these addresses, split up, and scattered through a variety of fresh wallets to obscure their allocation."

 

"While they have yet to corroborate the origin of the hack, the MyEtherWallet team did confirm on Twitter that a “[couple] of DNS servers were hijacked.” The team claims that the security breach was not a result of vulnerabilities on myetherwallet.com and that they are working on resolving the issue immediately."

 

"Couple of DNS servers were hijacked to resolve http://myetherwallet.com users to be redirected to a phishing site. This is not on @myetherwallet side, we are in the process of verifying which servers to get it resolved asap."

 

"As with past phishing attacks that have targeted Ethereum-powered wallets or exchanges, the hacker(s) could only compromise accounts whose users entered their private keys on the fake website. As such, if you attempted to access MyEtherWallet at the time of the attack with a hardware wallet or MetaMask, your funds would be safe. Additionally, as the phishing attack hijacked the wallet service’s Google Public DNS, some users who accessed myetherwallet.com from another one of its domain name server hosts wouldn’t have run into issues."

 

"Hmm, Google's DNS server 8.8.8.8 is returning wrong IP for www. myetherwallet .com and the SSL certificate returned is invalid , BE CAREFUL OUT THERE!"

 

"PSA: DON'T LOGIN to check if all of your crypto is gone, because then it will for sure be gone! This is exactly what the malicious entities would want you to do!"

 

"Some 515 ETH ($360,500) has been stolen as a result of the hack."

 

Explore This Case Further On Our Wiki

MyEtherWallet suffered from their DNS being rerouted to an attack website, hosted in Russia. The attackers managed to compromise a number of people's accounts, who attempted to use the site at this time. 515 ETH were stolen. There is no evidence of any recovery.

HOW COULD THIS HAVE BEEN PREVENTED?

The website popped up with an SSL certificate warning. Do not proceed to enter sensitive information if such occurs. The way to prevent the incident more thoroughly is to never use online tools to store funds. Always store private keys and sign transactions offline, on a device such as a hardware wallet. Keep most of your funds in a cold storage wallet, and withdraw only what you need.

 

Check Our Framework For Safe Secure Exchange Platforms

My Ether Wallet Suffers Phishing Attack After Hackers Hijack Google Public DNS - CoinCentral (Jan 21)
A $152,000 Cryptocurrency Theft Just Exploited A Huge 'Blind Spot' In Internet Security (Jan 22)
@dentcoin Twitter (Jan 23)
Address 0xf203a3b241decafd4bdebbb557070db337d0ad27 | Etherscan (Jan 23)
Address 0x1d50588C0aa11959A5c28831ce3DC5F1D3120d29 | Etherscan (Jan 23)
@myetherwallet Twitter (Jan 23)
WARNING: MyEtherWallet has been DNS hijacked. Your funds can be stolen if you use the website. Wait for an official update. : CryptoCurrency (Jan 23)
[WARNING] MyEtherWallet.com highjacked on Google Public DNS : ethereum (Jan 23)
**Warning** Reports of MyEtherWallet Site Compromised. : ethtrader (Jan 23)
MyEtherWallet has been hacked/breached : CryptoCurrency (Jan 23)
https://i.imgur.com/2x9d7bR.png (Jan 23)
https://doublepulsar.com/hijack-of-amazons-internet-domain-service-used-to-reroute-web-traffic-for-two-hours-unnoticed-3a6f0dda6a6f (Jan 23)
Is MyEtherwallet Safe to use in 2021? [Security & Safety Info] (Jan 18)
Hackers steal over $150,000 in cryptocurrency with DNS scam (Oct 17)
DNS Poisoning or BGP Hijacking Suspected Behind Trezor Wallet Phishing Incident (Mar 27)

Sources And Further Reading

More case studies

Ledger Fake BIP39
Generation Scam

Dubai Bitcoin
Gang Heist

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2019 - 2025 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.