Tuesday, 14 August 2018

DNS traffic attack let cyber crooks nick crypto from MyEtherWallet users

THIEVES HAVE NICKED funds from popular Ethereum cryptocurrency wallet MyEtherWallet after traffic to the company’s DNS servers was hijacked.

Reports of missing Ethereum funds – think a variant on Bitcoin – started popping up on Reddit, with users warned not to access their MyEtherWallet accounts to avoid exposing their private key until the hack was mitigated.

While blame was initially pointed at Google DNS servers thought to have been compromised, it turns out that the rerouted traffic was linked to routes used by DNS servers run by Amazon, and that by cracking into the domain name service, cyber crooks were able to redirect MyEtherWallet users to a phishing website.

“As soon as I logged in, there was a countdown for about 10 seconds and [a transfer] was made sending the available money I had on the wallet to another wallet,” said one Redditor and MyEtherWallet user.

The hack led to more than 215 Ethereum coins being stolen, according to cryptocurrency analysis site Etherscan. In real-world money terms that equates to more than $150,000 being swiped from compromised wallets.

MyEtherWallet tweeted that everything was back up and running and secure, so its users can get back to managing their digital funds.

The situation highlights the rising number of hack attacks made against cryptocurrency wallets or the use of malware to secretly put crypto mining tools onto a victim’s computer or smartphone, thanks to the increasing interest in cryptocurrencies.

But MyEtherWallet noted that the attack it suffered was the result of a “decade-old attack” in the form of exploiting the Border Gateway Protocol, which network operators use to exchange large chunks of internet traffic.

As such, Amazon’s DNS was not to blame, and a spokesperson from Amazon noted: “Neither AWS nor Amazon Route 53 were hacked or compromised. An upstream Internet Service Provider (ISP) was compromised by a malicious actor who then used that provider to announce a subset of Route 53 IP addresses to other networks with whom this ISP was peered.

“These peered networks, unaware of this issue, accepted these announcements and incorrectly directed a small percentage of traffic for a single customer’s domain to the malicious copy of that domain.”
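To show why peers that accepted such an announcement sent traffic the wrong way, and how an import filter could have rejected it, here is an added example (not from the article, MyEtherWallet or Amazon). It assumes the announced subset was a more-specific prefix and applies RPKI route origin validation (RFC 6811), which the article does not mention; every prefix, address and AS number is constructed from documentation ranges.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class ROA:
    """Route Origin Authorization: which AS may originate a prefix."""
    prefix: str
    max_length: int
    origin_asn: int

# Constructed sample data (documentation prefixes and AS numbers).
ROAS = [ROA("198.51.100.0/24", 24, 64496)]
RIB = [
    ("198.51.100.0/24", 64496),  # legitimate origin
    ("198.51.100.0/25", 64511),  # subset announced by a different origin
    ("203.0.113.0/24", 64500),   # unrelated route, no ROA covers it
]

def validate(prefix, origin_asn, roas):
    """Return 'valid', 'invalid' or 'not-found' per RFC 6811."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        if net.prefixlen <= roa.max_length and origin_asn == roa.origin_asn:
            return "valid"
    return "invalid" if covered else "not-found"

def best_route(dst, rib):
    """Longest-prefix match: the most specific covering route wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in rib if addr in ipaddress.ip_network(r[0])]
    return max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen,
               default=None)

def drop_invalid(rib, roas):
    """Import policy: discard routes whose origin validation is 'invalid'."""
    return [r for r in rib if validate(r[0], r[1], roas) != "invalid"]

if __name__ == "__main__":
    dst = "198.51.100.53"  # constructed address inside the covered prefix
    print("without ROV:", best_route(dst, RIB))
    print("with ROV:   ", best_route(dst, drop_invalid(RIB, ROAS)))
```

Routes with no covering ROA come back as "not-found" and are kept, so this filter only protects prefixes whose holders have published ROAs.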

If you are a fan of cryptocurrency investment, we suggest you proceed with caution when it comes to using various services, and if something looks suspicious rein in your curiosity and stay the hell away from it. µ


