MyEtherWallet Domain-Hijacking Financially Victimized 198 Users, Causing $320K Loss
On April 24th, MyEtherWallet (MEW) users in certain areas were hit by a domain hijacking: when visiting the official MyEtherWallet.com domain, they could be redirected to phishing sites (physically located in Russia). As of this writing, 198 victims have lost a total of $320K (US dollars).
Details
Around 12:00 PM UTC on April 24th, the DNS entries of certain Amazon servers were compromised [2], and a portion of web-browsing traffic (i.e., HTTPS-based web requests) to MEW was redirected to a fake phishing website. The fake website was made to look the same as MEW. Note that the phishing website used a self-signed TLS certificate, which commodity browsers consider insecure and flag with warning pop-ups. However, users may ignore the warnings and still choose to proceed and enter their key information, which is then stolen by the attackers and used to immediately transfer out the remaining ETH balances.
The stolen ETH was transferred directly to two fake phishing addresses as shown below:
In total, 524.849443769811124681 ETH was stolen from 198 unique victims. You can find the transactions related to the first Fake_Phishing899 address in the following figure.
After collecting the stolen ETH, the attackers immediately sent it to an exchange address (0xb3aaaae47070264f3595c5032ee94b620a583a39) for money laundering:
If we keep track of the flow of the stolen ETH, we are able to reconstruct the following graph. The stolen ETH is finally deposited into an exchange.
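The victim tally and the flow tracing described above can be reproduced from a transfer list. The following is an added example, not code from the original article: the transfers are constructed sample data, the two phishing addresses are placeholders because the text does not give them, and only the exchange address comes from the article.

```python
from collections import defaultdict, deque
from decimal import Decimal

WEI = 10**18
EXCHANGE = "0xb3aaaae47070264f3595c5032ee94b620a583a39"  # exchange address quoted in the article
# Placeholders (assumption): the two phishing addresses are not given in the text.
PHISHING = ["PHISH_ADDR_1_PLACEHOLDER", "PHISH_ADDR_2_PLACEHOLDER"]

def eth(amount: str) -> int:
    """Convert a decimal ETH string to integer wei; floats would lose the low digits."""
    return int(Decimal(amount) * WEI)

def to_eth(wei: int) -> str:
    return str(Decimal(wei) / WEI)

# Constructed sample transfers (sender, receiver, wei); not real chain data.
TXS = [
    ("victim-1", PHISHING[0], eth("1.5")),
    ("victim-2", PHISHING[0], eth("0.25")),
    ("victim-1", PHISHING[1], eth("0.75")),    # same victim hit twice, counted once
    ("victim-3", PHISHING[1], eth("2")),
    (PHISHING[0], "hop-1", eth("1.75")),       # intermediate hop before the exchange
    ("hop-1", EXCHANGE, eth("1.75")),
    (PHISHING[1], EXCHANGE, eth("2.75")),
    (EXCHANGE, "unrelated-user", eth("100")),  # exchange's own traffic, must not be followed
]

def summarize_theft(txs, phishing):
    """Return (number of unique victims, total wei paid into the phishing addresses)."""
    hits = [(s, v) for s, d, v in txs if d in phishing and s not in phishing]
    return len({s for s, _ in hits}), sum(v for _, v in hits)

def trace_flow(txs, sources, sinks):
    """Follow outgoing transfers breadth-first from `sources`, stopping at `sinks`.
    Returns wei received per downstream address (everything downstream counts as tainted)."""
    outgoing = defaultdict(list)
    for s, d, v in txs:
        outgoing[s].append((d, v))
    received, seen, queue = defaultdict(int), set(sources), deque(sources)
    while queue:
        for d, v in outgoing[queue.popleft()]:
            received[d] += v
            if d not in seen and d not in sinks:  # a sink pools many users' funds
                seen.add(d)
                queue.append(d)
    return dict(received)

if __name__ == "__main__":
    victims, total = summarize_theft(TXS, PHISHING)
    print(victims, "victims,", to_eth(total), "ETH stolen")
    for addr, wei in trace_flow(TXS, PHISHING, {EXCHANGE}).items():
        print(addr, "received", to_eth(wei), "ETH")
```

Amounts are kept as integer wei because a total such as 524.849443769811124681 ETH has more significant digits than a float can hold.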
Conclusion
This incident reminds us of the decade-old domain hijacking technique and its implications (or challenges) for providing a reliable web-based service such as a crypto-currency wallet. With that, we strongly recommend that end users exercise extra care when exposing their private keys or other login information. In the meantime, service providers like MEW may consider providing enhanced security mechanisms (e.g., two-factor authentication) to mitigate or even eliminate these risks.