MyEtherWallet suffered a DNS attack

The popular web wallet MyEtherWallet recently suffered a DNS attack, redirecting all users to fake websites and collecting account login information.

Reddit user rodistain claims that a hacker gained access to his wallet and withdrew all funds. He further wrote:

“Woke up this morning, turned on the computer, went to MyEtherWallet and found that the page had a false certificate in the corner. I thought this was strange. I double-trusted the url, triple-checked, went to the web page through a Google search, checked through ETL (EtherAdressLookup) and received confirmation that I was not on a phishing site. And although in every cell of my body I felt catch, I entered my username and password. Literally ten seconds after logging in, a transaction was made from my wallet for all funds to wallet 0x1d50588C0aa11959A5c28831ce3DC5F1D3120d29“.

At least 215 ETH (worth about $150,000) were transferred to wallet called Fake_Phishing899, which were then transferred to another address.

DNS attacks can allow a hacker to redirect website visitors to incorrect IP addresses. An attacker can view the credentials of every user logged into the fake website. 

The MyEtherWallet team said on its official Twitter that it is studying the problem and its scale has not yet been precisely determined. They also confirmed the hacker attack described on Reddit and stated that it would take several hours to fully restore the service. 

According to https://www.financemagnates.com