MyEtherWallet Domain-Hijacking Financially Victimized 198 Users, Causing $320K Loss
On April 24th, MyEtherWallet (MEW) users in certain areas were affected by a domain hijacking: when visiting the official MyEtherWallet.com domain, they could be redirected to phishing sites (physically located in Russia). As of this writing, 198 victims have fallen prey, with a total loss of US$320K.
Details
Around 12:00 PM UTC on April 24th, the DNS entries of certain Amazon servers were compromised [2], and a portion of the web-browsing traffic (i.e., HTTPS-based web requests) to MEW was redirected to a phishing website. The fake website was made to look the same as MEW. Note that the phishing website used a self-signed TLS certificate, which commodity browsers consider insecure and flag with warning pop-ups. However, users may ignore the warnings, choose to proceed, and enter their key information, which attackers then steal and use to immediately transfer out the remaining ETH balances.
The stolen ETH was transferred directly to two phishing addresses, as shown below:
In total, 524.849443769811124681 ETH was stolen from 198 unique victims. You can find the transactions related to the first Fake_Phishing899 address in the following figure.
After collecting the stolen ETH, the attackers immediately sent it to an exchange address (0xb3aaaae47070264f3595c5032ee94b620a583a39) for money-laundering purposes:
If we keep track of the flow of the stolen ETH, we are able to reconstruct the following graph. The stolen ETH is finally deposited into an exchange.
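The victim count, the loss total and the flow tracing described above can be reproduced from a list of transfers. The following is an added example, not code from the original article: the transfers and every address except the exchange address are constructed placeholders, and the tracing uses a simple "everything downstream of a phishing address is tainted" assumption.

```python
from collections import defaultdict, deque

WEI = 10**18  # 1 ETH = 10^18 wei; keep amounts as integers, never floats
EXCHANGE = "0xb3aaaae47070264f3595c5032ee94b620a583a39"  # from the article
PHISH = {"0xphish1", "0xphish2"}  # placeholders for the two phishing addresses
# Constructed sample transfers (sender, recipient, value in wei), not chain data.
TXS = [
    ("0xvictimA", "0xphish1", 2 * WEI),
    ("0xvictimB", "0xphish1", WEI // 2),
    ("0xvictimA", "0xphish2", 1 * WEI),   # same victim hit twice: counted once
    ("0xvictimC", "0xphish2", 3 * WEI),
    ("0xphish1", "0xhop1", 5 * WEI // 2),
    ("0xphish2", "0xhop1", 4 * WEI),
    ("0xhop1", EXCHANGE, 13 * WEI // 2),
    ("0xother", EXCHANGE, 9 * WEI),       # unrelated deposit: must be ignored
]

def fmt_eth(wei):
    """Render wei as ETH with all 18 decimals, avoiding float rounding."""
    return f"{wei // WEI}.{wei % WEI:018d}"

def summarize_victims(txs, phish):
    """Return (unique victim count, total wei sent into phishing addresses)."""
    victims, total = set(), 0
    for src, dst, value in txs:
        if dst in phish and src not in phish:
            victims.add(src)
            total += value
    return len(victims), total

def trace_sinks(txs, phish):
    """Follow funds forward; return {sink address: wei received from tainted senders}."""
    out = defaultdict(list)
    for src, dst, value in txs:
        out[src].append(dst)
    tainted, queue = set(phish), deque(phish)
    while queue:  # breadth-first walk over outgoing transfers
        for dst in out[queue.popleft()]:
            if dst not in tainted:
                tainted.add(dst)
                queue.append(dst)
    sinks = defaultdict(int)
    for src, dst, value in txs:
        if src in tainted and not out.get(dst):  # recipient never forwards funds
            sinks[dst] += value
    return dict(sinks)

if __name__ == "__main__":
    count, total = summarize_victims(TXS, PHISH)
    print(count, "victims,", fmt_eth(total), "ETH stolen")
    for addr, wei in trace_sinks(TXS, PHISH).items():
        print("sink", addr, fmt_eth(wei), "ETH")
```
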
Conclusion
This incident reminds us of the decade-old domain hijacking technique and its implications (or challenges) for providing a reliable web-based service such as a cryptocurrency wallet. With that, we strongly recommend that end users exercise extra care when entering their private keys or other login information. In the meantime, service providers like MEW may consider providing enhanced security mechanisms (e.g., two-factor authentication) to mitigate or even eliminate these risks.