Author

Topic: MyEtherWallet hacked (Read 220 times)

legendary
Activity: 2758
Merit: 6830
September 28, 2018, 03:22:15 PM
#11
is this again like that DNS redirect thing? stupid to enter details even if certificate isn't there, why risk it?  Sad
Because some newbier users usually think that if the domain is right, everything is right. Even with the "not secure" warning and invalid certificate.
BQ
member
Activity: 616
Merit: 53
CoinMetro - the future of exchanges
September 28, 2018, 03:17:36 PM
#10
is this again like that DNS redirect thing? stupid to enter details even if certificate isn't there, why risk it?  Sad
legendary
Activity: 2758
Merit: 6830
September 28, 2018, 08:36:32 AM
#9
I've dealt with this before. I got an email notification about depositing MyEtherWallet and a link to the wallet and thereby my private key was stolen . Beware of phishing sites. Enter the site address by hand or from saved bookmarks.
Well, that's a different case. You just visited a different website that looks like MEW. OP's got scammed even that he was in the legit MEW website. Hackers had taken control of the DNS entry and managed to make the MyEtherWallet.com domain lead to a different website.

Anyways, this happened 5 months ago.
hero member
Activity: 1834
Merit: 759
April 26, 2018, 01:51:06 AM
#8
The two best solutions would be to always check the SSL certificate right before the URL or by always running the wallet locally from the source code.

To be fair, there was apparently a security warning, and users ignored it. Few people seem to be aware of what SSL certificates are for, sadly.

But yeah, for newbies, the internet is a very dangerous place, and you should never ignore warnings even if you're absolutely sure you're on the correct URL. It was a DNS poisoning attack, which could happen to any site. If there's a certificate problem and you don't know how to deal with it, walk away.
legendary
Activity: 3472
Merit: 10611
April 25, 2018, 11:39:48 PM
#7
This issue has been resolved already,  it only happens for few hours, I think all is clear now.

true but it proves once again that using web wallets is never safe. what happened here for a few hours can happen again at any time. it may be tomorrow, or it may be years from now but the risk always exists when you are visiting a website for your wallet and enter your private keys there. and this is not the only risk! there are lots more.
sr. member
Activity: 728
Merit: 254
April 25, 2018, 06:09:55 PM
#6
This issue has been resolved already,  it only happens for few hours, I think all is clear now.
jr. member
Activity: 210
Merit: 1
April 25, 2018, 04:03:45 PM
#5
I use so far Metamask as this is one of recommended way from MEW, usually when a user open a MEW then to login then provided some recommendations from MEW. So far I use Metamask is very easy to use, and I see lot of people also use this metamask now. Hope this metamask to be still safe and they are always updating their security.
legendary
Activity: 2758
Merit: 6830
April 25, 2018, 02:40:50 PM
#4
I strongly advise using Cryptonite by MetaCert!
It's a Chrome plugin that warns you if you get redirected to a phishing site. In addition MetaMask, a hardware wallet and/or an offline version of MyEtherWallet.
I already suggested this before and it would helpagainst phising websites like MyEthreWallet dot com, but would this work if the official MEW domain (or the DNS in this case) was hijacked? According to the reddit post OP linked above, the user "Used EAL" (which is a similar extension) to check if the url was correct. But this was not the issue and that's why he still got scammed.

The two best solutions would be to always check the SSL certificate right before the URL or by always running the wallet locally from the source code.
jr. member
Activity: 88
Merit: 1
April 25, 2018, 09:39:35 AM
#3
To make things easier for you... I'll advise you import your mew wallet to imtoken and monitor your funds there..with this you do not have to log in to mew via mew website...
Am i communicating??
sr. member
Activity: 434
Merit: 436
April 24, 2018, 10:13:41 AM
#2
I strongly advise using Cryptonite by MetaCert!
It's a Chrome plugin that warns you if you get redirected to a phishing site. In addition MetaMask, a hardware wallet and/or an offline version of MyEtherWallet.

NEVER ever use only the private key/json file. This will get you most likely scammed/phished and remember: once an address is compromised, you'll never be able to use it again without risking all your assets!


For those who are interested:
How To Run MyEtherWallet Offline and Locally
  • Downloading and installing
  • Running MyEtherWallet
member
Activity: 364
Merit: 20
Jump to: