Hacker stole $13,000 in Ethereum during two hours by hijacking DNS Server of MyEtherWallet
This week, a well-known Ethereum online purse website abroad was suspected of being subject to DNS hijacking attacks that caused some users to lose about $13,000 in Ethereum.
The site is hosted on Amazon’s cloud servers and uses Amazon’s DNS server, which makes some users think that Amazon was attacked.
Amazon, which was questioned for security problems, immediately conducted investigations and confirmed that the company’s cloud servers and DNS servers were not attacked.
There is no problem with the DNS server, how can hackers boot users to fake phishing websites and steal usernames and passwords by hijacking?
⅗ Majority of those affected were using Google DNS servers. Affected users likely clicked the "ignore" button on the SSL warning that pops up when visiting a malicious site imitating MEW. MAKE SURE there is a green bar SSL certificate that says “MyEtherWallet Inc [US]”
— MyEtherWallet | MEW (@myetherwallet) April 24, 2018
The Border Gateway Protocol (BGP) is a decentralized autonomous routing protocol on the Internet. Different operators use this protocol to speed up access to websites.
The hackers tampered with the BGP server of the upstream operator to tamper with the original normal routing protocol and then directed the user to the fake phishing websites.
In fact, hijacking the agreement is much larger than hijacking the DNS server, so security experts believe that this attack may be just the beginning.
Hmm, Google's DNS server 8.8.8.8 is returning wrong IP for www. myetherwallet .com and the SSL certificate returned is invalid , BE CAREFUL OUT THERE! @myetherwallet can you please check whats happening! #dentcoin #btc #eth #blockchain #ethereum #bitcoin #gsma pic.twitter.com/JCXOj4CzAr
— DENT (@dentcoin) April 24, 2018
Since hackers can be tempted to hijack BGP servers to tamper with routing protocols, they may be brewing to hijack more sites in bulk for theft.
Hacker’s attack only stole $13,000 in Ethereum and HTTPS also had a great relationship, because hackers could not fake the SSL certificate on the wallet website.
This allows the attacked user to immediately pop up a security warning when the browser accesses it, for users with higher security awareness have found problems and close the site.
Users who did not close the site and ignored the warning and entered the account password regret that all the Ethereum in the wallet had been transferred out to the hacker’s pocket.
Source: theverge
