A hacker managed to trick cryptocurrency holders on Tuesday morning by briefly hijacking Internet traffic from MyEtherWallet.com.
For about two hours, the hacker redirected traffic from the cryptocurrency wallet provider to a lookalike version of the site. The fake site secretly diverted all deposits of the virtual currency ether to an address controlled by the hacker.
Unfortunately, dozens of people fell for the scheme. The hacker-controlled address shows that it received about 1
UK-based security researcher Kevin Beaumont noticed the attack and said the culprit had run the counterfeit MyEtherWallet site from a server in Russia. The hacker also seems to be quite wealthy and controls a wallet that contains $17 million in ether.
To carry out the phishing scheme, the hacker used the Domain Name System (DNS), or how the Internet routes traffic. Essentially, DNS acts as the Internet's phone book and translates domain names into IP addresses so that your computer can visit a website.
How the hacker manipulated DNS traffic is not clear. But Beaumont said in his blog post that it involved redirecting traffic from Amazon's Internet infrastructure, which is used by many major websites.
MyEtherWallet confirmed the incident, but insisted that it was "not based on lack of security on the @myetherwallet platform." Instead, it blamed "a decades-old hacking technique [whereby] hackers find … vulnerabilities in publicly accessible DNS servers."
"The majority of affected users use Google DNS servers. We recommend all of our users to switch to Cloudflare DNS servers in the meantime," MyEtherWallet said, urging users to ignore tweets, Reddit posts, or messages of any kind that claim to give away or reimburse ETH on behalf of MEW (MyEtherWallet).
People who visited the hacker's MyEtherWallet page during the incident would have been shown a pop-up window in their browser warning them that the site was untrusted. However, users may have ignored the warning without realizing that the site was a fake.
But perhaps the greater concern is whether the hacker can repeat the hijacking. In his blog post, Beaumont said that nobody noticed the attack until it stopped, and that other sites were also targeted.