MyEtherWallet DNS Servers were briefly hijacked and made to redirect users to a phishing site in a classic poisoning attack.
Early this morning, servers providing domain name system (DNS) service to MyEtherWallet (MEW), the client-side software interface for interacting with the Ethereum blockchain, fell victim to a hack that utilized DNS cache poisoning[1] (or spoofing) – a means of hijacking Border Gateway Protocol[2] (BGP).
Some users[3] logging into MyEtherWallet during this brief timeframe earlier today – hours at most – fell prey to a phishing scam that tricked users into surrendering their wallet keys before transferring their cryptocurrency into what can only be assumed to be the hacker(s) associated digital wallet. It's being reported[4] that the attacker made off with 215 Ether, the equivalent of $160,000 at the time of the transaction.
Founder of MyEtherWallet Kosala Hemachandra told ETHNews:
"It was a DNS poisoning attack on myeitherwallet.com. We suspect that Google DNS cached it and a lot of other DNS servers cached it as well. It wasn't on our end. Our hands were tied."
DNS spoofing is a type of IP address hijacking that has particular venom when utilized against financial services[5] because of the exposure those platforms have to their customers' personal and corporate finances. This kind of hack is particularly dangerous because of how easily it can propagate from one server to another.
Hackers utilize attack vectors that exploit weakness in the internet's domain name system to redirect internet traffic away from legitimate servers or websites to fraudulent ones that often resemble their genuine doppelganger or mimic their functionality.
Notably – while this issue was tragic for MEW and its affected users –the company had little control over or means
