Myetherwallet (MEW), the web’s most popular client-side ethereum wallet, has been compromised by a DNS attack. Numerous users are reporting missing funds and Mycrypto, a sister site which spun off from MEW earlier this year, has confirmed as much. The incident highlights the dangers of relying on a centralized interface, even when the funds are held by the individual, and exposes the inherent weaknesses of the Domain Name System.
Myetherwallet Users Report Missing Funds
On April 24, scores of Myetherwallet users began to report suspicious activity when trying to access the web-based ethereum interface. As the web’s most popular client-side ethereum wallet, MEW is widely used for sending money to crowdsales, buying Cryptokitties, and conducting many more day-to-day transactions that involve sending ether or ERC20 tokens. The platform does not hold user funds, but like all websites it is still at risk of being hacked by having its DNS servers taken over, exposing the data of anyone who interacts with the service. Shortly after rumors began to circulate, MEW issued a tweet to confirm their veracity:
The first signs that something was wrong emanated from the Myetherwallet Reddit, where a user posted a thread entitled “Think I got scammed/phished/hacked”. They had twigged that something was amiss after seeing the following notice when visiting the site:
They explained: “Even though every part of my body told me not to try and log in, I did. As soon as I logged in, there was a countdown for about 10 seconds and a tx was made sending the available money I had on the wallet to another wallet.” The address the funds have been sent to currently displays on Etherscan with a warning noting that it may have been involved in a MEW scam. It has conducted 180 transactions, and claimed a total of 215 ETH. It’s been reported that MEW were redirected to an ISP based in Russia.