It seems popular cryptocurrency wallet MyEtherWallet is having issues. A litany of concerned users are reporting their wallets have suddenly been drained out – without any notification or action on their side.
The unexpected withdrawals have caused many netizens to suspect that MyEtherWallet has been hacked. Despite speculation though, the issue might have to do with with a glitch in Google’s Domain Name System (DNS) protocol.
Speaking to Hard Fork, MyEtherWallets reps clarified that the popular app “is not hacked.” Instead, the company claims that the unusual activity “was a DNS attack on Google DNS servers.”
It remains unclear how widely spread the attack is, but the malicious agent has already made off with more than 215 ETH, according to stats from Ethereum blockchain explorer Etherscan.
The issue was first brought to light after a Reddit user reported their funds missing after using MyEtherWallet – despite taking every measure to ensure they were indeed using the real thing.
We asked MyEtherWallet for further clarification on whether users’ funds are safe, but the company did not provide a conclusive response. “It depends on which DNS servers users were using at that point in time,” a spokesperson told Hard Fork.
This is merely our interpretation, but chances are it will be impossible to recover stolen funds.
A DNS attack occurs when attackers change the DNS registrations of the company commandeering the company’s desktop and mobile website domains in order to take users to phishing sites, where they can steal users’ login credentials
The good thing is that as long as you do not use your keys to login into your wallet, the funds should be safe.
MyEtherWallet team has assured that they are looking into the issue.
Meanwhile, your best chances of staying safe might be to wait until MyEtherWallet has confirmed the issue has been resolved.
Update: MyEtherWallet has confirmed the hijacking of a few of its DNS servers.
Couple of DNS servers were hijacked to resolve https://t.co/xwxRJ4H4i8 users to be redirected to a phishing site. This is not on @myetherwallet side, we are in the process of verifying which servers to get it resolved asap.
— MyEtherWallet.com (@myetherwallet) April 24, 2018
Update 2 (12:26pm PST): MyEtherWallet attributed the hijack this morning first on Google DNS but has since shifted blame to Amazon Web Services.
Correction: the BGP hijack this morning was against AWS DNS not Google DNS. https://t.co/gp3VLbImpX
— InternetIntelligence (@InternetIntel) April 24, 2018
Published April 24, 2018 — 15:01 UTC