This article was published on April 24, 2018

MyEtherWallet users report stolen funds after an Amazon DNS attack [Update]

More than 215 ETH have already been stolen as part of this attack


MyEtherWallet users report stolen funds after an Amazon DNS attack [Update]

It seems popular cryptocurrency wallet MyEtherWallet is having issues. A litany of concerned users are reporting their wallets have suddenly been drained out – without any notification or action on their side.

The unexpected withdrawals have caused many netizens to suspect that MyEtherWallet has been hacked. Despite speculation though, the issue might have to do with with a glitch in Google’s Domain Name System (DNS) protocol.

Speaking to Hard Fork, MyEtherWallets reps clarified that the popular app “is not hacked.” Instead, the company claims that the unusual activity “was a DNS attack on Google DNS servers.”

It remains unclear how widely spread the attack is, but the malicious agent has already made off with more than 215 ETH, according to stats from Ethereum blockchain explorer Etherscan.

The issue was first brought to light after a Reddit user reported their funds missing after using MyEtherWallet – despite taking every measure to ensure they were indeed using the real thing.

We asked MyEtherWallet for further clarification on whether users’ funds are safe, but the company did not provide a conclusive response. “It depends on which DNS servers users were using at that point in time,” a spokesperson told Hard Fork.

This is merely our interpretation, but chances are it will be impossible to recover stolen funds.

A DNS attack occurs when attackers change the DNS registrations of the company commandeering the company’s desktop and mobile website domains in order to take users to phishing sites, where they can steal users’ login credentials

The good thing is that as long as you do not use your keys to login into your wallet, the funds should be safe.

MyEtherWallet team has assured that they are looking into the issue.

Meanwhile, your best chances of staying safe might be to wait until MyEtherWallet has confirmed the issue has been resolved.

Update: MyEtherWallet has confirmed the hijacking of a few of its DNS servers.

Update 2 (12:26pm PST):  MyEtherWallet attributed the hijack this morning first on Google DNS but has since shifted blame to Amazon Web Services.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with