Thieves have made away with $152,000 worth of Ether in the latest hack targeting cryptocurrencies. This time, the target was MyEtherWallet.com, with attackers taking advantage of vulnerabilities in the DNS system to redirect users to a phishing site, data from Chainalysis shows.
The redirection went on for two hours before it was detected. Oracle was the first to take note of the breach. Traffic was redirected to a Russian server under the control of hackers.
DNS is a directory service that maps user-friendly domain names to the numerical IP addresses of the machines hosting the corresponding services. DNS attacks take advantage of the back-and-forth communication between clients and servers, redirecting users to rogue websites where passwords and other information are stolen. The technique has been in existence for a long time.
“It is our understanding that a couple of Domain Name System registration servers were hijacked at 12 PM UTC to redirect myetherwallet[dot]com users to a phishing site,” a statement from MyEtherWallet on Reddit said.
Decade-Old Technique
“This redirecting of DNS servers is a decade-old hacking technique that aims to undermine the Internet’s routing system. It can happen to any organization, including large banks. This is not due to a lack of security on the @myetherwallet platform. It is due to hackers finding vulnerabilities in public-facing DNS servers,” it added.
MyEtherWallet says the attack mostly affected users of Google DNS servers. “We recommend all our users to switch to Cloudflare DNS servers in the meantime.”
DNS attacks are not that uncommon. Major sites like Facebook and even Google have been affected. A similar attack targeting digital tokens saw the loss of over $400,000 worth of Stellar Lumens in January.
Affected users likely ignored an SSL certificate warning, MEW says. Users are warned to “PLEASE ENSURE there is a green bar SSL certificate that says ‘MyEtherWallet Inc’ before using MEW.”
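The check MEW describes can also be done programmatically. The following is an added example, not code from MyEtherWallet or the original article: it treats a failed certificate validation as a hard stop and then requires the organisation name quoted above in the certificate subject. The sample certificates are constructed, and the function names are hypothetical.

```python
import socket
import ssl

EXPECTED_ORG = "MyEtherWallet Inc"  # organisation name quoted in MEW's warning


def subject_org(cert):
    """Return organizationName from a getpeercert()-style dict, or None."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None


def check_cert(cert, expected_org=EXPECTED_ORG):
    """Classify an already-validated certificate by its subject organisation."""
    org = subject_org(cert)
    if org is None:
        return "reject: no organisation in subject (domain-validated only)"
    if org != expected_org:
        return f"reject: organisation is {org!r}"
    return "ok"


def check_site(host, port=443, timeout=5):
    """Connect with chain and hostname validation, then check the organisation."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return check_cert(tls.getpeercert())
    except ssl.SSLCertVerificationError as exc:
        # Equivalent of the browser's certificate warning: stop here.
        return f"reject: {exc.verify_message}"


# Constructed samples in the shape ssl.getpeercert() returns.
GOOD = {"subject": ((("countryName", "US"),),
                    (("organizationName", "MyEtherWallet Inc"),),
                    (("commonName", "www.myetherwallet.com"),))}
DV_ONLY = {"subject": ((("commonName", "www.myetherwallet.com"),),)}
OTHER = {"subject": ((("organizationName", "Example Corp"),),
                     (("commonName", "www.myetherwallet.com"),))}

if __name__ == "__main__":
    for name, cert in (("good", GOOD), ("dv-only", DV_ONLY), ("other", OTHER)):
        print(name, "->", check_cert(cert))
```

`check_site` needs network access; `check_cert` works on any dictionary returned by `getpeercert()` after a validated handshake.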