Cryptocurrency wallet MyEtherWallet (MEW) tweeted a warning that a “couple” of its DNS servers have been hacked and users risk being redirected to a phishing site this morning[1], April 24. MEW is now in the process of verifying which servers have been targeted and is working to resolve the hack “asap,” they added.
Alarmed MEW users have been active[2] all day on Reddit and other platforms as they await further details from the MEW team, with many deciding not to log in at all to avoid security risks. Others are advising each other to run MEW offline, or at the very least to double check that the SSL connection is always green when interacting with a site.
The hack, which this time has been confirmed by MEW themselves, recalls the allegations of a DNS hack levelled at MEW[3] in January by the developers of altcoin Ethereum Blue (BLUE), categorically dismissed at the time by MEW as “a stupid lie.”
An outraged user, raising the spectre of January, quipped:
Took you long enough. Remember when @Blue_Protocol said this happened a few months ago but you called them liars to save your reputation? That was pretty lame. Now people losing lots of their wealth all because of your greed. Congrats pic.twitter.com/h85jsKyXxy[4][5]
— Love (@hannahmontaanaa)
According to recent updates on Reddit, Google’s Public DNS appears to now be resolving to the correct ISP, but MEW developers have not officially given a green light that the DNS attack has been solved.
References
- ^ this morning (twitter.com)
- ^ active (www.reddit.com)
- ^ levelled at MEW (cointelegraph.com)
- ^ @Blue_Protocol (twitter.com)
- ^