Topic: [CAUTION] MyEtherWallet(MEW) hijacked (April 24, 2018) (Read 490 times)
One of the reasons why I do not like using my private key directly on MEW as this can easily be compromised and that warning when you are about to key in your private key alone is alarming. The thing is that this is something most people should have taken note by now and this is the reason I always prefer making use of metamask in doing transactions. I guess this is just some of the things we will keep seeing in this digital world.
Now the world of the Internet is completely different, not the same as it was many years ago. Now there are black hackers, white hackers. This is a real war. In my opinion, most gifted people are engaged in hacking. Someone with a good purpose, someone for the purpose of fraud. I recently read about the almost proven theory of theft through electricity (without using the Internet). Sometimes I even fear how fast our world has been developing recently.
Its unfortunate tha such things still happen and will keep happening as the hackers keep coming up with new ways to defraud you of your hard earned money, the blame cannot however be totally directed to MEW. WEB based wallets are vulnerable and a combined effort from Both MEW and the users is the only way to ensure you are protected from the hackers. While MEW ensures that their systems are up to date and able to cub such attempts, The uses should put into consideration security measures such as avoidinging frequent log ins into the wallet which will expose your secret keys. or settle for a safer option i hardware wallets such as the ledger Nano s
Too often, MEW hacked this year, they need something to do with protection. Personally, I already went to Metamask, there things are better with this.
Thank you so much for the warning sir. Me also want to access the MEW at that date but I have an important matters to attend so I didnt successfully log in to MEW and I thank for it cause I then know that the MEW was hijacked. I think the MEW as of now is running and working already. Just make sure that you log in on the correct website.
There is an update in the MEW twitter regarding this problem and the team was working on it. It will be resolved asap. But i just found another thread that has been discussing this problem. It may better for you to read carefully before try to make a double post like this, but i appreciate this kind of awareness.
Hey. I understand what you're saying. The reason I just posted this immediately because I didn't want to risk wasting a few more minutes in finding a similar post, as you may know, this is really really important and a 5 minute difference could potentially prevent a single(or multiple) investor for being screwed.
Thank you guys both for warnings and advices how to prevent hijacking. Maybe you know free or cheap hardware wallets?
I'd honestly only suggest using a Ledger Nano S[ledgerwallet.com] or a Trezor[trezor.io]. They may be a bit expensive for you, but trust me. If you hold significant amounts of cryptocurrencies, it's definitely worth spending a bit of money for a hardware wallet. Security should always be a priority.
I agreed, $100 is definitely a good small investment to safeguard your coins which worth alot more than $100. Anyone holding crypto currencies for the the long term should consider getting a hardware wallet.
Thank you guys both for warnings and advices how to prevent hijacking. Maybe you know free or cheap hardware wallets?
I'd honestly only suggest using a Ledger Nano S[ledgerwallet.com] or a Trezor[trezor.io]. They may be a bit expensive for you, but trust me. If you hold significant amounts of cryptocurrencies, it's definitely worth spending a bit of money for a hardware wallet. Security should always be a priority.
Thanks for the warning man, I'll inform my friends about this and please spreed this news to your friends ASAP.
It was really crazy since I actually made a transaction on this date in transferring some of my tokens. I guess I must have been lucky as probably that would have been the worst day of my life if anything had happen.Still, there has never been a day I make use of MEW without trying as much as possible to take note of that green padlock and even on any other site asides MEW as anything outside it makes entering a delicate stuff on the web makes it vulnerable. Indeed, this is a call to switch to a hardware wallet. Just a $100 for the safety of your asset is indeed worth it.
Damn hackers! Why don't they use their technology to do something useful to others? Why should we steal the fruits of others' hard work? Disgusting behavior!
Devs need to hardfork those coins back! Right?
Just checked now, the link is true, green status, the certificate is valid. Perhaps this is danger for some countries.
If I use an extension like Metamask or loaded site MEW on my hard drive, is this safe in this case?
I am also interested in this question. I keep my MEW on the flash drive. Now I'm afraid to get into my wallet. I don't know how safe it is. On forum I have read that can be go. But friends say it's not necessary. Don't know what to do... If I use an extension like Metamask or loaded site MEW on my hard drive, is this safe in this case?
To store ETH and ERC 20 tokens, it is safer to use hardware wallets. The only caveat - needs to order them only from official websites. And do not buy them on ads on the Internet. Since not all sellers are honest.
Exactly, what is the best website to buy the Hardware wallet for storing the ETH and ERC20, because recently we have seen many hacks and i could not able to find the best tezor for safeguarding my coins?
To store ETH and ERC 20 tokens, it is safer to use hardware wallets. The only caveat - needs to order them only from official websites. And do not buy them on ads on the Internet. Since not all sellers are honest.
Damn hackers! Why don't they use their technology to do something useful to others? Why should we steal the fruits of others' hard work? Disgusting behavior!
I guess they will never stop as long as this space is concerned. Apparently, they would not want to see it that way and just the same way we have good people, we will always have bad people and this is the way the world works. However, it is really something that anyone who wants to be in the digital world should try as much as possible to get used to considering that the only way to be safe is to know how to be safe yourself.I would always recommend using Metamask in any occasion to login to MEW or at least using a hardware wallet which guarantees more safety.
thanks for this warning, i will use ledger wallet to store all my altcoin to be safe
Thank you guys both for warnings and advices how to prevent hijacking. Maybe you know free or cheap hardware wallets?
I'd honestly only suggest using a Ledger Nano S[ledgerwallet.com] or a Trezor[trezor.io]. They may be a bit expensive for you, but trust me. If you hold significant amounts of cryptocurrencies, it's definitely worth spending a bit of money for a hardware wallet. Security should always be a priority.
So sad to know this current scenario. This thieves are gonna reap the fruits of their evil doings someday. They got themselves so blinded by their love for riches and wealth. Theyll gonna suffer in the end. So lucky I didnt open my mew this days.
thanks for this warning. this is really bad when something like this happens. hope not many people lost money thru this hijack, but as i have read, over 200k eth have been stolen. 
But unfortunately that over 200k eth is a lot and for sure many traders are regretting for not using hardware wallet, yet this sundden attack should be a warning to all of us that there's nothing safe nowadays especially from hackers that don't know anything but to stole. They really did this on purpose like market is all green and people are selling their coins and that will be a perfect timing to their evil plan, good thing I didn't open my wallet yesterday and just checking my coins through etherscan.
Well you're a whole lot safer if you're on a hardware wallet. Thus goes to show that if you really want to secure your assets, then it's best to invest in a hardware wallet. I had a few qualms when i made an account in mew and fortunately i only have a few tokens stored there. Though the tokens are still there last time i checked :p
Do not use myetherwallet.com if you're using Google Public DNS (8.8.8.8 / 8.8.4.4) at this moment, it seems these DNS servers are resolving the domain to a bad server that CAN steal your keys!
Invalid certificate: https://imgur.com/a/bh6p4DQ
Always make sure your connection is secure "green" in your browser!
LE: Anyone that got their keys into this has had their funds transferred to http://etherscan.io/address/0x1d50588C0aa11959A5c28831ce3DC5F1D3120d29
Edit2: Google Public DNS is now resolving the correct ips. Keep in mind the ttl of the old records was some 9000 seconds, we can expect some ISP's to cache that for their clients.
Again, please make sure the SSL Connection is always green when you interact with any website.
Source: https://www.reddit.com/r/ethereum/comments/8ek86t/warning_myetherwalletcom_highjacked_on_google/
Invalid certificate: https://imgur.com/a/bh6p4DQ
Code:
root@tali:/home/micky# dig @8.8.8.8 myetherwallet.com
; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> @8.8.8.8 myetherwallet.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44817 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;myetherwallet.com. IN A
;; ANSWER SECTION: myetherwallet.com. 9641 IN A 46.161.42.42
;; Query time: 7 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Tue Apr 24 15:48:51 EEST 2018 ;; MSG SIZE rcvd: 62
root@tali:/home/micky# dig @8.8.4.4 myetherwallet.com
; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> @8.8.4.4 myetherwallet.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36179 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;myetherwallet.com. IN A
;; ANSWER SECTION: myetherwallet.com. 9902 IN A 46.161.42.42
;; Query time: 33 msec ;; SERVER: 8.8.4.4#53(8.8.4.4) ;; WHEN: Tue Apr 24 15:50:27 EEST 2018 ;; MSG SIZE rcvd: 62
; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> @8.8.8.8 myetherwallet.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44817 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;myetherwallet.com. IN A
;; ANSWER SECTION: myetherwallet.com. 9641 IN A 46.161.42.42
;; Query time: 7 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Tue Apr 24 15:48:51 EEST 2018 ;; MSG SIZE rcvd: 62
root@tali:/home/micky# dig @8.8.4.4 myetherwallet.com
; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> @8.8.4.4 myetherwallet.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36179 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;myetherwallet.com. IN A
;; ANSWER SECTION: myetherwallet.com. 9902 IN A 46.161.42.42
;; Query time: 33 msec ;; SERVER: 8.8.4.4#53(8.8.4.4) ;; WHEN: Tue Apr 24 15:50:27 EEST 2018 ;; MSG SIZE rcvd: 62
Always make sure your connection is secure "green" in your browser!
LE: Anyone that got their keys into this has had their funds transferred to http://etherscan.io/address/0x1d50588C0aa11959A5c28831ce3DC5F1D3120d29
Edit2: Google Public DNS is now resolving the correct ips. Keep in mind the ttl of the old records was some 9000 seconds, we can expect some ISP's to cache that for their clients.
Again, please make sure the SSL Connection is always green when you interact with any website.
Source: https://www.reddit.com/r/ethereum/comments/8ek86t/warning_myetherwalletcom_highjacked_on_google/
I wish I had a merit to give you cause yes, this is crazy important.
Some solutions right now.
#1) Just DON'T log in to myetherwallet at all for the time being.
#2) Make sure you are at the correct site with the correct certificate and ssl connection
#3) Get a Trezor or Ledger and start using them to access mew
By now, everyone should know just how vulnerable web based wallets are. It isn't really mew's fault, mew is just an interface to interact with the ethereum network. On top of that, there are SO MANY warnings and advice on how to use mew safely yet so many people disregard them.
If you are serious about crypto, then you should ONLY be using paper wallets or hardware wallets.
If you actively trade, I would leave only the bare minimum required to trade on exchanges.
Everything else just store it away.
Would you leave your hardearned cash just laying around for anyone to pick up?
Why would you do the same with crypto?
Thank you guys both for warnings and advices how to prevent hijacking. Maybe you know free or cheap hardware wallets?
Update: looks like the hacker stole 216 Ether in total.
Screenshot(as newbies cant post images): https://i.imgur.com/7fueK5v.png
Screenshot(as newbies cant post images
): https://i.imgur.com/7fueK5v.png Jump to: