Topic: MyEtherWallet Hacked (Read 2265 times)

If anyone explains the measures you have said you will make your wallet safer but I many times noticed that bitcoin or ethereum looses by signing in to the fake phishing sites to loose the funds. There we need to check multiple time whether your URL is right or not.
That is the issue for the every person and some people only loosing the private key or steel by the family members. This is how private key issue people get the issue in loosing the funds.

There are only two possibilities why your mew account got hacked its either you click a phishing site or somebody knows your private key but mostly eth wallets are hacked because of phishing link.

As someone quite new to cryptos, was wondering how to access my tokens on MEW in light of the recent news of Keystore files being vulnerable. Even on MEW login now it says logging in with the keystore is not recommended. So how are we supposed to get to the coins?

Not only forgetting the private key makes this issue to anyone. There are some fake sites contains with the same misspelled text which is similar like Myetherwallet site is here around while you doing Google search about.
Most of these kind site owners uses the Google adwords service and makes their site while anyone search about MEW or myetherwallet on the Google search. So be careful while you are logging in to the wallet you doing with the Google search.

I've also experienced the same thing with you three months ago and I lost some of my eth, it was indeed my fault for forgetting the private key

On MEW you get access with private key. What kind of Mnemonic phrase do you use? O_o
I think you messed things up. If you want just check balance, put in your address - public key.

Thanks a lot for your fast reply Koadharber, I didn't sign in with my private key but with Mnemonic phrase which i have hard copied, the list of addresses that provides are not the one that I used originally to transfer the coins. How it comes that it doesn't retrieve the same address? I get that you think its a typo error from my part but I have tried hundreds of times, I'm going insane...

              

Possible thing that do happen on here is that you might able to input a wrong privatekey since you do said that it shows another address which means theres something wrong on the key you have inputted on the mew site. Make it sure that you do copy paste it well so that you would able to access that eth wallet address again.If not then those coins are considered lost.

Please can anybody help?!
This is my first time here and new to the Crypto world.
I created MEW last week following tutorials step by stepI managed to send ether from gdax and tokens from binance to the same address, afterwards I unlock checked that the tokens arrived and all seamed in order. Today when I try to unlock MEW the address that opens is a completely different one with no tokens in it!! i've visited etherscan and introduced the  original address and the ether and tokens are there but I cannot have access to it via MEW. Can any of you HELP please!!! THanks in advance.

A lot of hacker right now. using duplicate myetherwallet. if you open it ang put your private automatic that they get your private key and can open ang get your token and balance. better to do is to book mark the myetherwallet and always keep your private key. better to write or print your keys to be save

Sounds like maybe a malicious link might has been spread to kick users?

Their "warnings" are more recent, and were not in place when I got hacked.

I still believe that ever using a Private Key to log in to anything online is very dangerous, and MyEtherWallet should know this. A Private Key is just that, private.

I continue to avoid Ether and ICO's. I believe everyone else should too.

I had to reread the post one time to try to get it right, do you mean that now people are selling the equivalent of fake documents so scammers can create a fake project? Because if that is the case that is very serious issue, that means that hackers can create a fake website and create all that fake information just to lure in some unsuspecting investors, the imagination of scammers never ceases to amaze me.

You are right pal. With the thousand users of MEW everywhere, only a few like you complaining that it's site is hacked. For me, it's security is more than enough. If you have lost your tokens, it's your fault and don't blame the site because it hasn't done anything related to hacking.

No. Don't blame MyEtherWallet.
because MyEtherWallet always Warns you about to check the Spelling of the Website/Link/address
before inputing your private keys.
maybe you just accessed your private keys on a phishing Mew site.
it will really hack you..
always bookmark MyEtherWallet because you cannot Trust Google search Engine.
sometimes they give wrong Spelling MEW site..

All of those are good points but in my opinion the third point is the one I cannot understand, why people keep using windows to store their bitcoin? Even if you had a legitimate copy of windows you are going to get hacked eventually especially if you have a good number of coins, install Linux and install a wallet there, you do not have to use it as your main OS, just store and access your tokens from there and you are going to be a lot more protected than any windows user could ever hope to be.

I think you don't login in any website ico that ask your private,I strongly believe that is phising and scam

This is nice example of what I call a shitpost.
Not only it doesn't make sense, if his wallet has been hacked and all funds drained obviously he can't send any remaining tokens because there are no tokens left to send 

Well, they took everything except 1.6-something BRAT tokens. Once they have hacked it, you either aren't going to know it before it's too late, or it's simply going to be too late.

Putting your coins and tokens in a Hardware Wallet is the best way to go. Especially when it's MyEtherWallet and they don't want to use a reliable security device like Google Authenticator.

The ACTUAL http://www.myetherwallet.com has its specific security tag in the address bar. Here, in the United States, it is: MYETHERWALLET LLC [US].

Make sure you have a secured website, and make sure that the security tag is correct before proceeding. This follows for any site where you are going to enter important information.

If your etherwallet is hacked , well you must create a new wallet and send all your remaining tokens in your new wallet as soon as possible because if you dont the hacker will definite drain all your tokens and all your effort will be wasted. You must very aware of phising site because that is one of the things why our etherwallet is hacked.

Youve lost your coins without knowing why, youve definitely scammed. Maybe you log in your pivate key into pishers site this phishers site are good in minicing and confussing users. Or if thats not the case then someone knows your private key.

What drug dealers and child pornography has to do with this topic?

OP said his wallet was hacked and it has nothing to do with erc20 tokens or scams.

Well, if I make double the BTC equivalent in ETH from Bitcoin mining, I might consider ETH services again. But, I will always remember getting taken on the ETH platform. Many others certainly have been left with that feeling too.

It would be best for those who founded ETH to spend some of what they've made on coming up with a recognized coalition of technical and financial advisors who could review ICO's and certify the ones they find to be reliable on their whitepapers and claims. That would certainly help in giving more credence to ICO's.

That is a good tip. I have learned to use those. But, transactions will still need access. I use Keystore/Password to access now. But, I am guessing a fraudulent site could get those from you and access your wallet just as easily.

Isn't the point of Google Authenticator that you have a unique code access for your account? And, the numeric code generated is also unique. So, if MEW offered Google Authenticator for access, even if a scammer had your keys, etc., it wouldn't matter, because they couldn't get past the authenticator. Is that correct?

Thank you for your advice!

Even though I am not a fan of Ethereum at all, we should not avoid ETH just because a lot of scams happen on it. That is like avoiding Bitcoin or fiat because drug dealers and child pornography use them as payment. The reason so many scams happen on ETH is just that it is so easy to create an ERC20 token. You have people now just selling services, to create a token, whitepaper, logo, signatures and all that in a week.

Thank you for your comment.

I am using the EtherAddressLookup Google Extension. But, you have to be careful with that.

1.) It doesn't track everything, including URL's that are clearly fraudulent. I purposefully tried a phishing URL and, when it wasn't recognized as fraudulent, submitted it to their reporting.

2.) It doesn't always recognize an URL as scam/phishing/etc. the first time. You NEED to reload the site you clicked/keyed in to make sure that you get a good reading on it.

Regardless, the tools that MEW suggest are only one step in preventing problems.

I would suggest doing what I do: save the URL for the site you are wanting to access, like https://www.myetherwallet.com with your Username/Password. So, when you want to access it, it reminds you to cut and paste the URL into a New Tab in your browser. Once you load the page, make sure the address is correct. And, make sure it is secured. Fraudulent sites will have the wrong URL and are often not secured.

Harsh is fine. But, as I have said many times, using your Private Key for login is dangerous. Private Keys should be locked away. It's like having root access floating around.

There should be a fully user-controllable way to access MEW. Username/password and Google Authenticator is what almost everyone else uses.

The Ethereum platform has lost my business for good. If they want to promote MEW as the way to use ETH, they need to provide users with the same level of controlled access that other online wallets do.

No, but there are lots of phishing sites and you probably clicked on one of them.
Or you got keyloger which steal your private keys.
Other explanation can be - someone typed random private key and succeed to enter your wallet - but this is too long shot and not to mention almost impossible.

Many pishing sites, especially myetherwallet are built up on spelling mistakes (f.e. missing letters). Saw one, that I need to read three times, before I recognized the mistake.

Sorry for your loss dude. Shitty things always happen anytime. Next time, avoid to using private key to login if not very urgent. Just check it you balance using another web explorer like https://ethplorer.io/ or etherscan.

I am using MyEtherWallet for some time now and I believe that for normal uses and purposes they are practically completely safe. To the best of my knowledge all the cases of missing funds from MEW wallets has been due to user error. I know it sounds harsh but I consider all successful phishing attacks as user errors.

That being said next time I check my wallet I will probably find it empty :=)

Few tips which cannot hurt:
1. Private keys are private. Don't share them ever!!!
2. Use at least 2 wallets. One for access to airdrops and day trading and the other as cold storage.
3. Please don't use PC with cracked versions of windows or other software for wallet creation. Use some well known and tested linux distribution or original clean installation of windows.

Sorry for your loss, one of my friend also got his 30k $ stolen. There is a warning on mew website, should it be about it ? Because I've been hearing a lot about this lately.

My assumptions are just as you say

With MEW's system and expertise what might be hacked.Mew very safe

But the security if it has been burglarized assets that we save does not have any value again (zero)

I am using myetherwallet and no was hacked.

Any possible URL's were gone since I do Clear Cache/Clear History every couple of days.

I did try that extension, and purposely clicked on one of those bogus Slack scam URL's. One was flagged, but one wasn't. I reported the one not flagged. I definitely ran a full Delete Cache/History/Cookies after that, and added the scam URL's to Block Cookies.

Thank you for your suggestions! I do appreciate them.

Thank you for the replies.

Ethereum seems to be plagued by ponzi schemes, ripoffs, hacks, phishing, etc. Anything I do with ETH will be very low-cost, no more than small fractions of 1 ETH.

I really, truly do not think I clicked a phishing URL. I have been in the practice of typing in URL's directly, and more recently, doing cut and paste. I do the right-click for cut and paste, and make sure that the URL is correct when the site it joined. I am going through my links and making

Yes, Slack is a joke, in my opinion. Absolutely riddled with scams. Plus, the fact that they openly display their scam URL's, in bold type, no less, is quite interesting. If I had clicked on one of those, my sanity needs to be checked.

The positives to take away are that: 1.) I will avoid ETH as much as possible. And, 2.) I will do a hardware wallet for cold storage of any crypto.

And, I still think that using a Private Key for log in is strange, at the very least. I would still say it is dangerous.

There's nothing you can do. However, if I were you I'd wipe my computer clean or maybe have TRON script run (look it up on reddit) to search for possible keyloggers. MEW is as safe as it gets, the problem is on your end. From what I gather, since the people affected all seem to have KICK in common, I could imagine a scenario in which you visited a website for this ico that was fake. Or something along these lines. Happens more often than you think and it takes a great deal of care when dealing with these things.

Before i giving my POV, to the answer of OP

1) Yes, MEW is hackable, but likely impossible at the same. Regardless of what, private key is still a combination of characters, it just the matter of time people spent to find the EXACT same characters as your private key.

My take here:

It seems that that hacker "only steal KICKcoins and ETH" from the account, one of the hacked account/perhaps its owner account here
https://etherscan.io/address/0xe34c1d62e02c7cf5f729f439b5c7b77faa59a688#tokentxns

As you can see this account has Everex which is worth $240
But only Kickcoins is withdrawn, The hacker Withdraw coins that doesn't even have a value currently.

So i suspect you clicked into some Hijacked Phishing Site. Once you upload your Priv key.
It auto access your account
Check Balance of ETH = True, Withdraw
Check Balance of KickICO = True, Withdraw

And based on what you have said, after transferring the hacked Kickcoin, they transfer it again to this address
https://etherscan.io/address/0xdee0cc222c5219ea79ca263beabdec5f9fc13dbc#tokentxns

Based on all these information, i strongly believe you clicked into one of the fake MEW Site.

Because if you actually take a look at this address: https://etherscan.io/address/0xdee0cc222c5219ea79ca263beabdec5f9fc13dbc#tokentxns
Then check the tab "Tokens Transfer"

You can see each of the coins, are transferred by different Ethereum Account.

If you actually join slack, you would know recently it has tons of fake bots which spread fake message and tons of people getting phished.

However, this is all just speculations.
This address: https://etherscan.io/address/0xdee0cc222c5219ea79ca263beabdec5f9fc13dbc#tokentxns could be someone else address, perhaps its an exchange or so. I doesn't have a good reverse tracking skills, but these is all what i can find

Just to check out, did you receive email, message or etc that stated your account is compromised, hijack or anything?

MyEtherWallet is not vulnerable to hacking. This is probably the crucial point:



You should always use https instead of http. If you really used http there is a small chance of a Man in the Middle attack where the attacker
is between you and the real MEW, reading your keyfile/password/whatever you used because it was not encrypted with TLS.
Thats not a security flaw by MEW. Thats the reason you are encrypting sensible information with TLS (https protocol).

Safe or not also depending on yourself, I think this issue happened because OP was visiting a phishing link which stole his private key. It means we should be very careful in this online world. There are many myetherwallet users get hacked because of the phishing link, they key to be safe is on the users. Otherwise, it will be useless even if you ledger nano if you cant keep your own safety.

This is for sure a matter of big concern. I thought MEW was very safe. Better to buy a Ledger NANO then?

OP The fact that you state that several other users with the same token were victims of this makes me think that this was not a general attack against myetherwallet and that this was a targeted attack to those that held those coins, I think you were the victim of a virus, by your post you seem to be using windows or some other insecure OS, I will recommend that you stop using that and use a Linux install for all your sensitive transactions from now on.

I have some doubts with this, have you heard about this malware http://wyzguyscybersecurity.com/copy-paste-malware/ many has come out to be a victim of this. I didn't experienced this malware but this can be another cause of it.


Yes, you just have to wait for it and tell us if they did ever reply to your problem.


Don't mention it.

Do you still have access to the computer you used to sign in to your MEW? If you have, can you review its history and look for the site you open which you think is MEW. Because if I'm not mistaken, you're likely to be a victim of a phishing attack and not aware that you've used a similar URL with that of MyEtherWallet.com. If this is the case, and you notice that you did use a phishing URL, then copy that URL and report it here: https://etherscamdb.info/report/. Include the screenshot of the wallet who stole your ETH and tokens and add whatever additional details you can impart to them so they can act and if possible, retrieve your funds.

Also, install this Chrome extension (if you're using Chrome for browser): https://chrome.google.com/webstore/detail/etheraddresslookup/pdknmigbbbhmllnmgdfalmedcmcefdfn

This will give you a warning if the ETH address is used before for phishing activities or if it is blacklisted so you can avoid transacting with it or transferring anything to it.

No. Even though I have only been in crypto for less than two months, I am very protective of my financial data. I immediately kept my Private Key locked away. Like a Hardware Wallet, I keep all important data like that locked away. I know to never share that with anyone. I was even hesitant, at first, to share my regular crypto addresses, until I researched it and understood that you couldn't access a wallet with just that.

Also, with the place where I keep my passwords, I include the web address for the financial institution, like http://www.myetherwallet.com. So, every time I log in to a financial institution, I open a new browser tab. Then, I cut and paste that address into the new tab. Then, I proceed to enter my information. Even when I get verified emails from the financial institutions I do business with, I do not click on the links in those emails.

I have quickly learned how dangerous Private Keys are. Why MEW insists on using them to log in with is beyond me. With Private Keys being hidden on Custodial Accounts like Coinbase, etc. and being locked away on Hardware Wallets, why would MEW use them to log in with?

MEW certainly seems to be hackable. I would absolutely not use it for anything but for transitory usage. So, if you want to use it for tokens, only transfer the ETH you need to for that token purchase. Then, when the tokens are deposited, get them out of there as soon as possible to a Hardware Wallet.

I wrote an extensive email to MEW, but do not know if I will hear back. Do you know if anyone hears back from MEW on support requests?

Thank you for your help on this. I appreciate it.

Well if you never visited MEW lookalike website, possibly that someone knows your private keys. Have you ever written your private keys on the web/email address? And what possible happened was someone has breached and got those private keys you have kept on your email and he just accessed it without you noticing it. Better not to use the same address anymore and sorry for your loss.

I have very serious concerns with the security, or the lack of security, of MyEtherWallet.

The only wallet I know of that will transact in ICO Tokens is MyEtherWallet. Every ICO I have ever come across says to use MyEtherWallet.

I have had problems using MyEtherWallet. I will access it with the information that only I have access to. There are times that my balance will not show. I have to come back later to access the wallet so I can see my balance.

Now, the 1.5 ETH and 3000 KICK Tokens I had in there look like they are gone. I have accessed Etherscan and both my ETH and my Tokens were withdrawn to this address: 0xF7860ea76a36Ee83abB7F88d3C773f0440e178be

Etherscan: https://etherscan.io/address/0x88404e743442886f04443c2624917df46d2deef5

Ethplorer: https://ethplorer.io/address/0x88404e743442886f04443c2624917df46d2deef5

You can see that whoever this person is, they have grabbed many KICK tokens from many addresses: https://etherscan.io/address/0xf7860ea76a36ee83abb7f88d3c773f0440e178be#tokentxns

Also, you can see that the address the KICK tokens were withdrawn to has taken in tons of other kinds of tokens:
https://etherscan.io/address/0xdee0cc222c5219ea79ca263beabdec5f9fc13dbc#tokentxns

And, yes, I don't know if I should be posting this transactional information on here, but what does it matter? Everything has been taken out of my wallet.

Questions:

Is MyEtherWallet that vulnerable to hacking?

I carefully safeguard my access information to MyEtherWallet. No one else has access to it. I only log on directly to http://www.myetherwallet.com. I subscribe to MalwareBytes, which is easily the most robust protection I have ever used. I do not click on third-party links or email links for financial sites.

But, still, my ETH and Tokens are gone to that address: 0xF7860ea76a36Ee83abB7F88d3C773f0440e178be And, I am guessing I have zero recourse. Is that correct? Can anybody just hack into something like MyEtherWallet and take your coin and tokens?

Thank you for your time and assistance with this. I appreciate it!