A user of the MyEtherWallet reported on Reddit about one hour ago that their wallet has been hacked for .09 ETH.
The user logged into their wallet this AM and noticed that the wallet interface had an “invalid connection certificate” in the corner. The user followed a number of anti-phishing safety procedures to confirm a valid URL for the log in, including multiple URL checks and a service called EtherAddressLookUp (EAL) and found nothing.
The user proceeded to log in to his or her MyEtherWallet, and within ten seconds, the entire balance of the user’s wallet was extracted to an unknown ether address.
After the hack, the user scanned his or her computer for viruses and malware and found nothing.
A user on the Ethereum subreddit advised 1 hour ago:
“Do not use myetherwallet.com if you’re using Google Public DNS (126.96.36.199 / 188.8.131.52) at this moment, it seems these DNS servers are resolving the domain to a bad server that CAN steal your keys!”
The MyEtherWallet company has responded as of 10:30 AM EST:
Couple of DNS servers were hijacked to resolve https://t.co/xwxRJ4H4i8 users to be redirected to a phishing site. This is not on @myetherwallet side, we are in the process of verifying which servers to get it resolved asap.
— MyEtherWallet.com (@myetherwallet) April 24, 2018
The reason checking the URL did not work is because the hackers used a Domain Name System hijack. According to Wired Magazine, this type of attack, “takes advantage of the plumbing of the internet to siphon away your website’s visitors…before they ever reach your network.”
A user at the ETHTrader subreddit stated at 9:45 AM EST:
“Yeah looks like DNS was hijacked. Russian IP and name servers in use. Myetherwallet team need to reach out to godaddy asap and regain control.”
Blue Protocol is claiming that MyEtherWallet already knew about this issue back in January. In a tweet, Blue Protocol stated;
“We made this issue public back in January. They responded by sending us threatening legal letters and calling us “stupid liars” in a cointelegraph hit job.”