MyEtherWallet, a popular web-based wallet for storing and transmitting the cryptocurrency ether (ETH), suffered a DNS attack that rerouted unsuspecting users to a Russian scam site into which some victims fed their login credentials.
The phony site presented an invalid SSL certificate, so users saw a browser warning before entering it, but some bypassed the warning, resulting in a loss of funds. MyEtherWallet confirmed the attack in a statement on April 24, 2018.
Hackers did not actually hack the MyEtherWallet platform itself but went after vulnerabilities in public-facing DNS servers instead. MyEtherWallet recommends users switch to Cloudflare DNS servers for the time being.
DNS servers provide the correct IP address for an internet site’s name. If you type in “www.myetherwallet.com,” a DNS server will translate that into the IP address for that site. An SSL certificate protects against spoofed DNS answers: the browser compares the hostname you enter with the hostnames listed in the certificate the site presents. If no match is found, an SSL warning pops up.
Normally when users attempt to visit myetherwallet.com, they are directed to Amazon Web Services, which hosts the site. But this time, according to cybersecurity firm Cloudflare, they were directed instead to a set of Russian IP addresses.
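The hostname comparison described above can be traced with a small offline model. This is an added example, not code from MyEtherWallet or Cloudflare; the certificates, IP addresses and resolver tables are constructed, and it models only the hostname match, not certificate chain validation.

```python
# Added example: constructed data, no network access.

def dns_names(cert):
    """DNS subjectAltName entries of a dict shaped like ssl.SSLSocket.getpeercert()."""
    return [v.lower().rstrip(".") for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

def name_matches(pattern, hostname):
    """Compare one certificate name with the typed hostname, label by label."""
    p, h = pattern.split("."), hostname.split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # A wildcard covers exactly one leftmost label and never a bare suffix like "*.com".
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def verify_hostname(cert, typed_hostname):
    """True when any certificate name covers the hostname the user typed."""
    host = typed_hostname.lower().rstrip(".")
    return any(name_matches(n, host) for n in dns_names(cert))

def visit(typed_hostname, resolver, servers):
    """Resolve the name, take that server's certificate, and decide what the browser shows."""
    ip = resolver[typed_hostname]
    cert = servers[ip]
    outcome = "page loads" if verify_hostname(cert, typed_hostname) else "certificate warning"
    return ip, outcome

# Constructed certificates (not the real ones from the incident).
GENUINE_CERT = {"subjectAltName": (("DNS", "myetherwallet.com"), ("DNS", "www.myetherwallet.com"))}
IMPOSTOR_CERT = {"subjectAltName": (("DNS", "unrelated-host.example"),)}

# Constructed addresses from the documentation ranges (RFC 5737).
SERVERS = {"192.0.2.10": GENUINE_CERT, "203.0.113.66": IMPOSTOR_CERT}
HONEST_DNS = {"www.myetherwallet.com": "192.0.2.10"}
SPOOFED_DNS = {"www.myetherwallet.com": "203.0.113.66"}

if __name__ == "__main__":
    for label, resolver in (("honest", HONEST_DNS), ("spoofed", SPOOFED_DNS)):
        print(label, visit("www.myetherwallet.com", resolver, SERVERS))
```

The spoofed resolver changes only the IP address; the warning appears because the server at that address cannot present a certificate naming the hostname the user typed.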