Author

Topic: [Caution]: Myetherwallet was compromised (Read 64 times)

newbie
Activity: 41
Merit: 0
April 24, 2018, 10:32:44 AM
#5
This happened to me in January. My first time using MyEtherWallet.. and $150 USD worth of Polymath got stolen and $300 of WTC. Cry I never got it back. My MEW was compromised and the hacker moved all the tokens out as soon as they hit the wallet.  Cry Cry Cry Cry Cry Cry Cry
newbie
Activity: 28
Merit: 0
April 24, 2018, 10:30:52 AM
#4
Wow. I'm glad that has been addressed! Thank you for forwarding this to the community! Smiley
full member
Activity: 409
Merit: 103
April 24, 2018, 10:20:58 AM
#3
The hacker got alot of eth stolen from many user, it is a good thing that i didn't always use my myetherwallet. Hopefully there will be actions and also hoping that they can trace the hacker and give punishment for them.
full member
Activity: 177
Merit: 100
April 24, 2018, 10:14:58 AM
#2
It looks like the hacker made off with more than 500 eth.

legendary
Activity: 1372
Merit: 1252
April 24, 2018, 10:10:44 AM
#1
Found this on the reddit twitter. Cliffs are: If you used myetherwallet to generate a private key on their website while using the Google DNS IP's (8.8.8.8 and 8.8.4.4) your private keys are compromised. Things seems to be back to normal now.

Quote
Do not use myetherwallet.com if you're using Google Public DNS (8.8.8.8 / 8.8.4.4) at this moment, it seems these DNS servers are resolving the domain to a bad server that CAN steal your keys!

Invalid certificate: https://imgur.com/a/bh6p4DQ

root@tali:/home/micky# dig @8.8.8.8 myetherwallet.com

; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> @8.8.8.8 myetherwallet.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44817 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;myetherwallet.com. IN A

;; ANSWER SECTION: myetherwallet.com. 9641 IN A 46.161.42.42

;; Query time: 7 msec ;; SERVER: 8.8.8.8#53(8.8.8.Cool ;; WHEN: Tue Apr 24 15:48:51 EEST 2018 ;; MSG SIZE rcvd: 62

root@tali:/home/micky# dig @8.8.4.4 myetherwallet.com

; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> @8.8.4.4 myetherwallet.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36179 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;myetherwallet.com. IN A

;; ANSWER SECTION: myetherwallet.com. 9902 IN A 46.161.42.42

;; Query time: 33 msec ;; SERVER: 8.8.4.4#53(8.8.4.4) ;; WHEN: Tue Apr 24 15:50:27 EEST 2018 ;; MSG SIZE rcvd: 62

Always make sure your connection is secure "green" in your browser!

LE: Anyone that got their keys into this has had their funds transferred to http://etherscan.io/address/0x1d50588C0aa11959A5c28831ce3DC5F1D3120d29

Edit2: Google Public DNS is now resolving the correct ips. Keep in mind the ttl of the old records was some 9000 seconds, we can expect some ISP's to cache that for their clients.

Again, please make sure the SSL Connection is always green when you interact with any website.

Just further proof that you should never use these websites.
Jump to: