Pages:
Author

Topic: [CAUTION] MyEtherWallet(MEW) hijacked (April 24, 2018) (Read 497 times)

legendary
Activity: 1386
Merit: 1058
One of the reasons why I do not like using my private key directly on MEW as this can easily be compromised and that warning when you are about to key in your private key alone is alarming. The thing is that this is something most people should have taken note by now and this is the reason I always prefer making use of metamask in doing transactions. I guess this is just some of the things we will keep seeing in this digital world.
full member
Activity: 275
Merit: 101
Now the world of the Internet is completely different, not the same as it was many years ago. Now there are black hackers, white hackers. This is a real war. In my opinion, most gifted people are engaged in hacking. Someone with a good purpose, someone for the purpose of fraud. I recently read about the almost proven theory of theft through electricity (without using the Internet). Sometimes I even fear how fast our world has been developing recently.
newbie
Activity: 91
Merit: 0
 Its unfortunate tha such things still happen and will keep happening as the hackers keep coming up with new ways to defraud you of your hard earned money, the blame cannot however be totally directed to MEW. WEB based wallets are vulnerable and a combined effort  from Both MEW and the users is the only way to ensure you are protected from the hackers. While MEW ensures that their systems are up to date and able to cub such attempts, The uses should put into consideration security measures such as avoidinging frequent log ins into the wallet which will expose your secret keys. or settle for a safer option i hardware wallets such as the ledger Nano s
member
Activity: 350
Merit: 10
Too often, MEW hacked this year, they need something to do with protection. Personally, I already went to Metamask, there things are better with this.
jr. member
Activity: 322
Merit: 2
Thank you so much for the warning sir. Me also want to access the MEW at that date but I have an important matters to attend so I didnt successfully log in to MEW and I thank for it cause I then know that the MEW was hijacked. I think the MEW as of now is running and working already. Just make sure that you log in on the correct website.
legendary
Activity: 1554
Merit: 1054
There is an update in the MEW twitter regarding this problem and the team was working on it. It will be resolved asap. But i just found another thread that has been discussing this problem. It may better for you to read carefully before try to make a double post like this, but i appreciate this kind of awareness. 

Hey. I understand what you're saying. The reason I just posted this immediately because I didn't want to risk wasting a few more minutes in finding a similar post, as you may know, this is really really important and a 5 minute difference could potentially prevent a single(or multiple) investor for being screwed.
Nice one. You actually did the right thing. Posts like this cannot actually be too many as this is a way to quickly help the members of the community in making a terrible mistake and for the fact that you considered out of your time to make that happen is a plus. It is always good to watch our backs, and also good to always be security conscious. People should try as much as possible to find ways to get to their wallet without using the private keys, and most times, if there is no business of trying to withdraw, etherscan.io is there to check the content of your wallet.
sr. member
Activity: 686
Merit: 257
Thank you guys both for warnings and advices how to prevent hijacking. Maybe you know free or cheap hardware wallets?

I'd honestly only suggest using a Ledger Nano S[ledgerwallet.com] or a Trezor[trezor.io]. They may be a bit expensive for you, but trust me. If you hold significant amounts of cryptocurrencies, it's definitely worth spending a bit of money for a hardware wallet. Security should always be a priority.
Expensive? No, hardware wallet not expensive and it's only cost below $100, that money in crypto market can't do anything, but it's a best option to prevent hacker steal your fund, I've use ledger nano s and currently don't have any issue

I agreed, $100 is definitely a good small investment to safeguard your coins which worth alot more than $100. Anyone holding crypto currencies for the the long term should consider getting a hardware wallet.
member
Activity: 451
Merit: 10
Thank you guys both for warnings and advices how to prevent hijacking. Maybe you know free or cheap hardware wallets?

I'd honestly only suggest using a Ledger Nano S[ledgerwallet.com] or a Trezor[trezor.io]. They may be a bit expensive for you, but trust me. If you hold significant amounts of cryptocurrencies, it's definitely worth spending a bit of money for a hardware wallet. Security should always be a priority.
Expensive? No, hardware wallet not expensive and it's only cost below $100, that money in crypto market can't do anything, but it's a best option to prevent hacker steal your fund, I've use ledger nano s and currently don't have any issue
legendary
Activity: 1232
Merit: 1029
Thanks for the warning man, I'll inform my friends about this and please spreed this news to your friends ASAP.
It was really crazy since I actually made a transaction on this date in transferring some of my tokens. I guess I must have been lucky as probably that would have been the worst day of my life if anything had happen.

Still, there has never been a day I make use of MEW without trying as much as possible to take note of that green padlock and even on any other site asides MEW as anything outside it makes entering a delicate stuff on the web makes it vulnerable. Indeed, this is a call to switch to a hardware wallet. Just a $100 for the safety of your asset is indeed worth it.
legendary
Activity: 3836
Merit: 4969
Doomed to see the future and unable to prevent it
Damn hackers! Why don't they use their technology to do something useful to others? Why should we steal the fruits of others' hard work? Disgusting behavior!


Devs need to hardfork those coins back! Right? Smiley
newbie
Activity: 252
Merit: 0
Just checked now, the link is true, green status, the certificate is valid. Perhaps this is danger for some countries.
If I use an extension like Metamask or loaded site MEW on my hard drive, is this safe in this case?
I am also interested in this question. I keep my MEW on the flash drive. Now I'm afraid to get into my wallet. I don't know how safe it is. On forum I have read that can be go. But friends say it's not necessary. Don't know what to do...
member
Activity: 644
Merit: 10
To store ETH and ERC 20 tokens, it is safer to use hardware wallets.  The only caveat  - needs to order them only from official websites.  And do not buy them on ads on the Internet.  Since not all sellers are honest.

Exactly, what is the best website to buy the Hardware wallet for storing the ETH and ERC20, because recently we have seen many hacks and i could not able to find the best tezor for safeguarding my coins?
full member
Activity: 336
Merit: 100
To store ETH and ERC 20 tokens, it is safer to use hardware wallets.  The only caveat  - needs to order them only from official websites.  And do not buy them on ads on the Internet.  Since not all sellers are honest.
legendary
Activity: 3710
Merit: 1170
www.Crypto.Games: Multiple coins, multiple games
Damn hackers! Why don't they use their technology to do something useful to others? Why should we steal the fruits of others' hard work? Disgusting behavior!
I guess they will never stop as long as this space is concerned. Apparently, they would not want to see it that way and just the same way we have good people, we will always have bad people and this is the way the world works. However, it is really something that anyone who wants to be in the digital world should try as much as possible to get used to considering that the only way to be safe is to know how to be safe yourself.

I would always recommend using Metamask in any occasion to login to MEW or at least using a hardware wallet which guarantees more safety.
full member
Activity: 220
Merit: 100
thanks for this warning, i will use ledger wallet to store all my altcoin to be safe
member
Activity: 138
Merit: 74
NotYourKeys.Org
Thank you guys both for warnings and advices how to prevent hijacking. Maybe you know free or cheap hardware wallets?

I'd honestly only suggest using a Ledger Nano S[ledgerwallet.com] or a Trezor[trezor.io]. They may be a bit expensive for you, but trust me. If you hold significant amounts of cryptocurrencies, it's definitely worth spending a bit of money for a hardware wallet. Security should always be a priority.
member
Activity: 280
Merit: 10
So sad to know this current scenario. This thieves are gonna reap the fruits of their evil doings someday. They got themselves so blinded by their love for riches and wealth. Theyll gonna suffer in the end. So lucky I didnt open my mew this days.
hero member
Activity: 1246
Merit: 529
CryptoTalk.Org - Get Paid for every Post!
thanks for this warning. this is really bad when something like this happens. hope not many people lost money thru this hijack, but as i have read, over 200k eth have been stolen.   Sad

But unfortunately that over 200k eth is a lot and for sure many traders are regretting for not using hardware wallet, yet this sundden attack should be a warning to all of us that there's nothing safe nowadays especially from hackers that don't know anything but to stole. They really did this on purpose like market is all green and people are selling their coins and that will be a perfect timing to their evil plan, good thing I didn't open my wallet yesterday and just checking my coins through etherscan.
Am I safe using a hardware wallet? And has the problem already been fixed? Can not find any official announcement that the problem has been resolved...

Well you're a whole lot safer if you're on a hardware wallet. Thus goes to show that if you really want to secure your assets, then it's best to invest in a hardware wallet. I had a few qualms when i made an account in mew and fortunately i only have a few tokens stored there. Though the tokens are still there last time i checked :p
newbie
Activity: 30
Merit: 0
Do not use myetherwallet.com if you're using Google Public DNS (8.8.8.8 / 8.8.4.4) at this moment, it seems these DNS servers are resolving the domain to a bad server that CAN steal your keys!

Invalid certificate: https://imgur.com/a/bh6p4DQ

Code:
root@tali:/home/micky# dig @8.8.8.8 myetherwallet.com

; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> @8.8.8.8 myetherwallet.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44817 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;myetherwallet.com. IN A

;; ANSWER SECTION: myetherwallet.com. 9641 IN A 46.161.42.42

;; Query time: 7 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Tue Apr 24 15:48:51 EEST 2018 ;; MSG SIZE rcvd: 62

root@tali:/home/micky# dig @8.8.4.4 myetherwallet.com

; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> @8.8.4.4 myetherwallet.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36179 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;myetherwallet.com. IN A

;; ANSWER SECTION: myetherwallet.com. 9902 IN A 46.161.42.42

;; Query time: 33 msec ;; SERVER: 8.8.4.4#53(8.8.4.4) ;; WHEN: Tue Apr 24 15:50:27 EEST 2018 ;; MSG SIZE rcvd: 62

Always make sure your connection is secure "green" in your browser!

LE: Anyone that got their keys into this has had their funds transferred to http://etherscan.io/address/0x1d50588C0aa11959A5c28831ce3DC5F1D3120d29

Edit2: Google Public DNS is now resolving the correct ips. Keep in mind the ttl of the old records was some 9000 seconds, we can expect some ISP's to cache that for their clients.

Again, please make sure the SSL Connection is always green when you interact with any website.



Source: https://www.reddit.com/r/ethereum/comments/8ek86t/warning_myetherwalletcom_highjacked_on_google/

I wish I had a merit to give you cause yes, this is crazy important.

Some solutions right now.

#1) Just DON'T log in to myetherwallet at all for the time being.

#2) Make sure you are at the correct site with the correct certificate and ssl connection

#3) Get a Trezor or Ledger and start using them to access mew

By now, everyone should know just how vulnerable web based wallets are.  It isn't really mew's fault, mew is just an interface to interact with the ethereum network.  On top of that, there are SO MANY warnings and advice on how to use mew safely yet so many people disregard them.

If you are serious about crypto, then you should ONLY be using paper wallets or hardware wallets.
If you actively trade, I would leave only the bare minimum required to trade on exchanges.
Everything else just store it away.
Would you leave your hardearned cash just laying around for anyone to pick up?
Why would you do the same with crypto?

Thank you guys both for warnings and advices how to prevent hijacking. Maybe you know free or cheap hardware wallets?
member
Activity: 138
Merit: 74
NotYourKeys.Org
Update: looks like the hacker stole 216 Ether in total.
Screenshot(as newbies cant post images  Sad): https://i.imgur.com/7fueK5v.png
Pages:
Jump to: