Topic: Are you using a Public DNS server? your coins are at risk ! (Read 18194 times)

lets clear a few things up shall we using a Public DNS isnt dangerous so stop with the crap already... is it more likely to be targeted? yes as more people use it but its also alot more likely to have the latest software and patches applied... next there are many Public Dns's out there hell even cloudflare brought one out 1.1.1.1 and 1.0.0.1 (your welcome) its not hard to do a few checks. if your really paranoid use the bloody ip addresses so you can get Middle man attacked (DNS hijacked)
VPNs can be a good option as most of the time they user there own DNSbut the easiest and best option is look at your address bar... see the green lock... its there for a reason it means that site is who its claiming to be. quick easy stuff will keep you safe against the 99% of scams out there and always ALWAYS try to use 2FA that way if you log in to a bad website youll still have a 2nd line of defense even if they grab your password they cant hijack the email (unless your one of those that use the same password for everythign in which case good luck.

Phishing and Hijacking are not to be neglected! Using public DNS is dangerous if your IP is exposed, a plethora of misdeeds can occur.

If you take a look at what Butterfly is doing, you will find that much more enthralling than using a standard, centralized DNS.

Butterfly enables individuals to execute a single transaction and own their domain name forever, free of future payments, which are currently standard, as simple as that. Once a domain name is created and acquired, the initial registrar is its sole owner. This in itself is a major breakthrough in how domain name ownership works. Butterfly has also developed an inherent ecosystem with a native cryptocurrency token, which allows users to create, sponsor, and execute domain names and their creation.

BUMP

There is a new scam trend now which is similar to the DNS phishing attack.

a lot of users received emails from someone who is pretending to be from the MEW support team telling people that their wallets need to be changed due to some restructuring and security improvements.

they send you a masked link which does pretty much look like the official site of www.myetherwallet.com . they ask you to swap your old wallet PK to the new wallet, and once you do ,you know the drill 

PLEASE BE EXTRA CAREFUL.

You are most welcome bro. we doing this for the community ! crypto is the future

God, thanks for this so much. I just changed to one of the big DNS servers, as a youtube video said they're going to be much faster, but I guess the speed isn't really worth it when these people are getting hacked and then money is being stolen due to it. I'll be changing back VERY SHORTLY.

THANKS SO MUCH!

yup, have as many wallets as you can

please go through this website

https://www.bitpremier.com/bitcoin-hardware-wallets

it has a list of the best hardware wallets, Nano S and Trezor are the only 2 i have used so i am not sure about the rest.
security based they are almost the same, Nano has a wider variety of coins that can be stored. Trezor usually sells cheaper but it has less coins.

so it's your call!

The rate at which wallet are being hacked is so alarming especially myetherwallet. I want to know how,where and how mush it will cost to get a hardware wallet, I am very interested.

You can't still be sure if you are secured whether you use public dns or not, use all security process you know, use anonymous browser like tor or use vpn especially when bad luck comes to you, and regarding to phishing site you can avoid it by bookmarking the site. So always bring your best luck !! Fighting ..

I think it still safe as long as you don't type your password or seed phrase on the website that using public DNS.
It can be a phishing website using public DNS to replace the legit website to their phishing site.
Never put your seed word or password, that is the safest way.

You must use an offline wallet to store your money. Take your safety seriously, this will help you avoid problems in the future.

I also regularly use my Nano S wallet to protect my property because I feel insecure about leaving it on commercial wallets. Protect your property carefully because when it's gone you'll be hard pressed to get back in the market.

thanks for pointing this out.

Ledger Nano supports a good variety of coins. now if your coin is not on the list then sadly you are left with nothing but an offline/paper wallet.

Nice teaching but I will like to add that cold wallets from exchanges are a very good way of storing your coins from any kind of attacks. some exchanges give you cold wallets to store yourcryptos that are not needed atm. Look for that.

all the points that you have mentioned are very good methods but the only draw back is that most of these hardware wallets are limited in the coins that you are able to store on them and as such they need to address this issue where they mostly accept the major coins like bitcoins, ether and bitcoin cash but how do you protect the other coins that you have significant investments in ?

Offline wallets, keeping coins from any internet connection and hardware wallets are very important. This is clear that whatever you do, you will never be fully safe so the most important thing not put everything in one basket.

i have been wanting to say this but my writing skills sucks, you just spoke for me . thanks

A public DNS server is open to a lot of risks, except it is properly protected using failsafe methods that disconnects the server from the stream in the event of an attack say DDoS.  First of it is that public servers when compromised can bring a lot of pain  to every client who has their sensitive documents, data, etc loaded via the server. All this is usually possible when the server is the target of a worm, host, or virus if the hackers feel something important lies deep in the purpose the servers convey. No one is invulnerable and as such, it is safer to use a private secured protocol that gives a higher degree of safety. never trust public servers no matter how safe they look and never carry out financial transactions over them as your details may be compromised without your knowledge.

sorry about your loss, i tried to warn as many people as i could by then on Ether Mining group on FB some people got away but most were to late to act! anyway

why not get a hardware wallet? any logical explanation behind this?

thanks

I do not know what is the point of wrongly rephrasing my initial statement.

I can tell you that Google's DNS is differently more secured than your ISP, but it is SAFER to your ISP' DNS because it's less Likely to be targeted.


More Secured doesn't mean SAFER !.

it's simple you do not have to complicate it !

what is more secure a bank downtown or a house in the middle of nowhere at the side of the country?

sure is the bank has more security, but in terms of "security by obscurity". that house is safer to store money in, but it takes 1 thief with a knife to rob that house , while it takes a big force to get into the bank downtown!.

so technically GOOGLE's dns is much more secured " do your own research" . but your ISP dns is safe simply because it's less important to the majority of hackers.


and if you want to argue about the fact that  security by obscurity is a bad practice then a simple proof is the last MEW attack.
people who were accessing their MEW using their ISP were safe at the same moment that those on Google's were getting compromised.


there is no HISTORY data on this matter particularity, therefore I have no solid evidence to support this statement. because it is common sense.

if you want to build a reliable data on this keep using Google's DNS and  after a few years you tell me how many times your online wallet was compromised and we compare it to someone else's who is on their own ISP DNS

i was carelessly using public dns because my isp using it. later dns hijacked occured.
My wallet got hacked by it. i lost about 700 usd of it.
now i am no longer using myetherwallet, time to use metamask or other more secure wallet.

i think it is not as safe for me because it is likely to be hacking at any  for me,so l ask you to use a different wallet because if you use a wallet you can read it at risk.all of you go ahead

Can you clue me into which statistics you are using to formulate this conclusion? If you're saying that this is something we cannot tell in terms of their technical sophistication, then what about the statistics should reflect any differently? Either they are more secure, or they are less secure. Even if they are more technically sophisticated, is it more likely that the Google DNS gets hacked or your ISP DNS? I would argue that it's Google's that is more likely, so in certain circumstances, such as this one security by obscurity may be of higher value than other aspects for the simple fact that you will not fall into the targeted-zone of attack. As you said, there is high reward for this sort of thing, but in regular ISPs DNS there is little to gain, so unless you are causing yourself to be targeted you can bet that you won't be.

You say that it is pretty clear what you mean, but there are multiple people that are unclear on exactly that so you are misleading yourself if you honestly believe that to be the case.

Yeah it is very risky. but i didn't think using a public dns is risky first, but after the hacking occurred on myetherwallet,
i realized it was risky indeed. Use your isp dns, it is safer than public dns.

100% true ,,some people want to learn the hard way

glad  i could help. if you do not have the funds /abiliry to get  a hardware wallet for now consider a paper wallet, or at least use a windows version and use 2FA.

stay away from web-based wallets ( where you use your browser, type in xxxx walet.com and enter your info ) that is the worst practice ever especially if you do not have a 2FA

you are most welcome . glad i could help.



nothing is 100% secured,but it's not bad as you make it sound. a bad apple ammong empoloyess won't be enough to compromise your PK. it's a little bit more secured than this


I think it is pretty clear that what i meant by saying that your ISP DNS is more secured than GOOGLE's is nothing technically related. it's something we can't tell, statistically google's DNS is more secured than many other's COMBINED.
but the fact that it's widely used, it's on hackers top list!.simply due to the reward!

Well thanks for your information. I gather much from you. I use multiple browser before and i found out that there will be a vulnerability on other browser can't name one but the safest browser i use is Google Chrome. I will buy hardware soon as soon as the bull market return then i will short  my funds.

you see the most secured things are those" unknown" things. the more a service is used the more people want to hack it because the reward is much bigger.

think about it this way. you transferring a million dollars in cash from your house to your friends.

you have 1 options to secure them.

1- Do not tell anyone about the money you transferring
2-Hire a SWAT team to protect you transfer the money


now option two may seem like a more secured choice but it really is not. just the fact that you allow people to know about the 1 million $ you transferring puts you in a big risk regardless of how much protection you have.

this thing applies to public DNS perfectly. even though Google pays probably 1000000x times more than most other DNS's for security, the fact the it's well known and so many people use it. it's  very seductive  to hackers,  who would waste time and effort trying to hack a local DNS that only a handful of people use?

and yes you are 100% right. people should stay away from web-based wallet.

I thought that was the primary point that OP was getting at when they were suggesting to use your ISP DNS over a public DNS like google. The sheer fact of obscurity is quite often enough to deter an attack, simply because you were not worth targeting. It certainly isn't a good strategy, but I was simply asking because this seemed to be equivalent to what they were suggesting.


Welp. That just leaves everyone pretty much open to an attack. We need better options on a large scale.

While this is something which is pretty smart, If you have some sort of 2FA setup with your wallet you're going to be fine. So if you do have some other precautions in place then you're going to be good to go. I would always recommend having 2fa with authy or google authenticator.

Though with the chance of losing your coins low due to DNS risk when simply using google dns servers (or someone like cloudflare) You're going to be saving a lot more time with using the other dns servers, which is going to have to be put into account when thinking of what dns server to use.s

This thread suggests that the ISP DNS server is the most secure. Most devices are pre-configured to use DHCP and that will automatically choose that server, so you don't necessary have to understand DNS for basic security.

Hardware wallets can be considered hot-wallets, as they are physically connected to an online device. But I get your point.

The summary of it all is that, we just need to continue to be more secure. I have read suggestions about how to go about being secure but it seems its not as simple for someone who is just an average user. A whole lot of people don't even know what DNS stands for and its importance in all of this or what the validity of the certificate stands for what is known is to launch a browser and sail with it to site you want to visit.

The simple answer and best recommendation is have an hardware wallet to store the coins. As the Internet continues to be less secure, the best is to operate outside the internet and only come online to use the wallet when its extremely important to do that.

I'm not really into hardware wallets either to be honest, all it takes is one bad apple among employees and your private key might be compromised.

I would not use a VPN for logging into web-wallets, unless Bitcoin (or related tech) is forbidden in your country. You have to consider that all requests go through the VPN server, that is especially dangerous when the connection is not well encrypted.

Invest in a hardware wallet, it worth it. When you are new to crypto and dont own much of it you might think it is foolish to pay 80-90$ for a wallet to store our coins in but remember how you would feel if you get hacked and lose your assets.
Its a good idea to use a separate laptop/pc just for your crypto trading/storing needs. Since it doesnt have to be a brand new one, just make sure its wiped clean and doesnt have any faulty hardware and use it only for your crypto assets, not for any other internet activities (movies, torrents, downloading etc etc....)

Not really. Picking an uncommonly used DNS is really just security by obscurity. You're not actually doing anything to be more secure against attacks, you're just reducing the chances of being attacked. Kind of like how people MacOS is "safer" than Windows just by virtue of it being much less likely to get targeted.


It's not more protected. Google's isn't necessarily better either. Google's is just perceived to be better because most people trust that Google does their job in securing their DNS better than their respective ISPs. I don't know if that's true, of course, but if we go by the assumption that Google is better at security than your ISP, it would come down to a choice of "more likely to be attacked but more likely to fight them off", or "less likely to be attacked but less likely to fight them off". It's essentially hiding versus arming yourself. There's no clear winner that will always be better so you just have to decide for yourself.

I'm using a VPN too, is this safe enough?? (I'm not a tech savvy so i don't have any idea about this) Well, this makes me scared but thanks God my tokens are still safe out there, to be honest I'm just worried about MEW wallet, not exchange since I have enabled 2fa factor though it's not completely safe and bad way storing your crypto out there.

How about installing extensions such as EAL or MetaMask or Cryptonite as MEW wallet suggested, is this safe enough? in order to protect us from the DNS attack.

wow, thanks for the information, I even found out if using google DNS is very dangerous, I used to use it to stabilize my modem connection, and now I will never again do, thanks again for the information

Yeah it is risky if you use public dns. what i wonder is why google dns can be hijacked.
for me, using myetherwallet alone is not secure to operate. just use metamask or other secure wallet.

since we are at crypto forum ... I would bet some chips ... PKI and SSL certificates vulnerabilities ...

It sounds like the biggest concern is a public DNS server that is very commonly used. If you are able to find a public DNS server that is relatively unused would that then mitigate most of the concern for hacking through that route? I'm pretty new to all of this, but how is your ISP DNS anymore protected than a public DNS that is used equally as much?

using a VPN to transact doesn't mean anything, it could be safe as much as it could be less safe. there really isn't a tight risk ratio attached to using VPN. a DNS attack is not on MEW it self , it is on rout from your PC to the WEB WALLET. anywhere in between.
i still insist on using hardware wallet for best security practice.

I always use VPN to transact. I do not know if this is risky or not for me. And so far I am grateful my coins are always safe. Whether through MEW or Exchangers, I'm always wary of using both because we know that Hackers can use DNS from MEW or Exchangers to get Private keys and Passwords. They are smart. However, risk is the part we have to deal with.

honestly speaking i have not tried using an extension, maybe I will give it a try this time around, we learn every day

Yes, i was scared when that happened to myetherwallet, thinking that my tokens and eth were stolen along with it. I got relieved when i checked that its still intact. All my life savings was there. I agree that we need to invest to secure our money. A hard wallet or offline wallet is the most secure wallet. Im thinking,also, to buy another laptop and make it solely for my cryptoworks.

It's worth noting that if you are using any DNS sever then you should trust the source. So if you don't trust your ISP then you probably shouldn't use their DNS sever.

I swear by extensions such as noscript suite which prevent's javascript and other things from running automatically. It's probably better protection that an anti virus, although can also be used in combination with anti virus software.

as advised, always protect your browser before accessing anything website that you store your funds in, Kaspersky antivirus is a good one. and secondly be self-conscious, don't store all your funds on one wallet, split it to different wallets. I have more than 7 wallets. if a hacker mistakenly gains access to your wallet, you will still be left with something because you didn't store all your coin in one particular wallet.

I prefer to use the offline wallet and store the private keys data on hdd. Because I think it's safer.

Right! If we use public DNS servers, it is very easy to steal passwords and information. This will reveal the secrets of your trading. And maybe your money is stolen quickly. To invest in bitcoin use a dedicated computer for bitcoin safety.

Kaspersky lab has proven to be the source of viruses, so I personally would not recommend this very software.
Try using some other virtual keyboards, especially if you are using an Android-based wallet - this would ensure the security of your funds.

paper wallet is safe until you decide to move your coins, if you use a compromised pc to do so then you are doomed !
paper wallet is for sure much more secured than online wallets but still a hardware wallet is much more secure.

from a programmer point of view i can confirm that Windows Virtual keyboard is really easy to log. in fact even Kasper's virtual keyboard is hack-able but it should be something harder to do for an average programmer like me.

so just as you said, the best thing is hardware wallet, all these other stuff are just a little extra security tips, like someone with only a knife in hand during WW2. can't really fight but might just get lucky

I didn't follow the technical news on the previous days, so I do not know of what happened with Myetherwallet wallet.
As a result of the increase in the prices of these currencies, there has been a lot of news that talk about such attacks, so I do not find the traditional protection methods will withstand for a long time.
So I prefer a paper wallet with public address(use any block explorer to check your balance) + mixing services (for privacy).

---

move your post to Beginners & Help

That DNS attack is just another proof that hackers are working to find new ways how to hack online wallets,which means they are becoming unfortunately less safe and therefore less secure.Users do not pay attention whether page is genuine or is it have SSL,and when it comes to cryptocurrency you can lose everything in blinking of a eye.

Regarding virtual keyboards,there is option in Windows for that, but opinions are divided can that protect us from keyloggers or not.

As you suggest it is best to invest some money(around 100 $,maybe more)to buy hardware wallet,and also to spend some time on personal education.IT security is very important for anyone who wants to deal with cryptocurrency.

Use multiple wallets on different hardware. It's always good to have several offline wallets generated by different hardware and stored in different locations. (the private key that is) Private keys should also never be stored digitally for obvious reasons. Even if you must access your coins on a regular basis a hardware wallet is likely worth the initial investment as it prevents some of the common pitfalls.

My general advise for people wanting to exchange coins is only store your coins on the exchange just before he actually exchange them and then transfer them to an offline wallet as soon as possible if needed. If you are exchanging high amounts then it might be better to pay a little more in fees and exchange them in smaller chunks to prevent losing all if a exchange was compromised whilst you were exchanging.

Most of you heard of the DNS attack which targeted Myetherwallet (MEW) web wallet users. tons of coins were stolen that day ( 6 days ago).

I can not stress on how important it is to use a hardware or at least an offline wallet to store your crypto ,but should you INSIST on using web based wallet keep in mind that you are only a few steps far from being compromised.

there are a few ways hackers can steal your coins, one of the most obvious is a DNS attack, therefore you should avoid using public - known DNS servers such as Google, OpenDns Home , etc ...

1- Always use your ISP DNS server, even though it is probably technically less secured than say  Google DNS server but the fact that it is not used by so many users and mostly unknown, it stays far from the hacker's targets.

2- Always make sure that you are using a secure connection, using chrome for an example, you have to see a green lock next to the url your browsing, click on secure and check the validity of the certificate.

3-The use of Virtual Keyboards can save you sometimes. something like Kaspersky Virtual Keyboard is much more secure than hitting your keyboard.


4-use multiple wallets, remember the old saying about eggs and basket ! it is still valid.

  --------------------------------------------------------------


**Pay to secure your money, as you already know, nothing is free in life, just like you pay to ensure your car , house and health you have to pay to secure your fundings, hardware wallets are really cheap ! spend a little on one !



**Avoid storing your funds on exchanges , exchanges are hackers no1 target. every couple of months you will most likely hear about an exchange being compromised, you do not want your coins to be there !



stay safe guys, this is the BILL you have to pay for owning crypto, you get 100% freedom + you take 100% responsibility of your fundings.