Thieves have pocketed funds from a popular Ethereum crypto currency wallet, MyEtherWallet. This theft occurred after traffic to the company’s DNS server was hacked.
Reports of missing Ethereum funds started to pop up on Reddit. Users were warned not to access their MyEtherWallet accounts to avoid giving out their private key until the cyber attack has been mitigated.
The initial blame was pointing at Google DNS servers which were thought to have been compromised, however it turned out that the rerouted traffic was in fact linked to routes used by DNS servers that were run by Amazon. By cracking into the domain name service, cyber criminals were able to redirect the users of MyEtherWallet to a phishing website.
One Redditer and MyEtherWallet user said ” I double checked the URL address, triple checked it, went on Google, and got the URL. And even though every part of my body told me not to try and log in, I did. As soon as I logged in, there was a countdown for about 10 seconds and a transfer was made sending the available money I had on the wallet to another wallet.”
This hack led to more than 215 Ethereum coins being stolen, according to an analysis by Etherscan. In real world money terms, these 215 coins equate to more than $150,000 being compromised.
MyEtherWallet did tweet to confirm that everything is back up and running and users can go back to managing their digital funds but they noted that the attack was a result of a “decade-old attack”
A spokesperson from Amazon noted, “Neither AWS nor Amazon Route 53 were hacked or compromised. An upstream Internet Service Provider (ISP) was compromised by a malicious actor who then used that provider to announce a subset of Route 53 IP addresses to other networks with whom this ISP was peered. They were initially unaware of this issue and accepted these announcements and incorrectly directed a small percentage of traffic for a single customer’s domain to the malicious copy of that domain.”