Hacker Steals Cryptocurrency from MyEtherWallet Customers
Another hack, but this one is not due to poor website security, but rather a hijacking of website traffic. For approximately 2 hours, a hacker hijacked Internet traffic from customers to MyEtherWallet.com. During that time, users ended up at a spoofed site where the attacker could harvest sensitive data, allowing them to redirect funds to an account they controlled. In all, about 180 transactions went to the hacker's wallet, totalling over $150k worth of cryptocurrency.
Security is a team sport, meaning there are always dependencies. Even if you have a secure site, you likely rely on Internet infrastructure components like DNS (Domain Name System). If someone can hijack routing via DNS, Wi-Fi, or other Man-in-the-Middle attacks, they can undermine the trust of your users. This was the case where customers of MyEtherWallet were duped into giving credentials after being redirected to an attackers fake site, even though the intended site was not itself compromised directly.
Reports vary, but some estimates are over $150k in losses. Oddly, the attacker themselves manage an account worth $17 million. I think there is more to this story than we currently know.
Some days, you can do everything right and yet attacks succeed. Having rapid detection and response capabilities, coupled with strong communication protocols is crucial when working with both upstream and downstream partners to resolve cybersecurity issues.
I feel for those security people at MyEtherWallet. They are in the news because their customers were victims but their site itself was not hacked. Probably feels like a Monday.
Very creative attack. Continues to highlight how important security is but also this should help people looking at the problem from a different perspective.
Nobody ever said being in cybersecurity was fair. I have had those days myself.
things like this definitely have users doubting their trust of the company and the security behind it
Was the hackers account worth 17 million? If so, why did he scam people for 150K?
This is probably not the first scam/hack they have done.
The hackers are always a step ahead. This is crazy! And 100% it’s more then the 150K reported as of now! They have 17 million in an account
Oh yea something is off for sure
Agreed, there will be more to this story. Am waiting for other details to emerge. I suspect this is a criminal that mistakenly listed his holdings account where the loot from several hacks are stored. Don't know for sure. But looking at the source of other previous transactions should reveal more about this threat agent.
Sir,totalling over $150k is very big amount and it is very bad
Sadly, compared to many other cyber heists, this is a modest amount. Some attacks reach into the tens of millions of dollars or more. But you are correct, $150k is a sizable sum.
Hi mrosenquist,
Glad that I did not have $0 in my Etherwallet. I pulled all $ out from that wallet 4 months ago.
Good timing.
Wow 17 million dollars and all they got was 150k. That's weird. Do you think it was North Korea?
Aah, Suma get off! where the world is going! unimaginably. and that to do simple people!?(((
That might not be great for few people but hell that is a lot few people like us !
I feel for those security people at MyEtherWallet. They are in the news because their customers were victims but their site itself was not hacked. Probably feels like a Monday.