MyEtherWallet was hijacked this morning at a cost of about $152,000. The wallet, which is an app for holding and sending ether (and ether-based) tokens. Although this is a large amount of money, the loss could have been a whole lot higher had the company behind MyEtherWallet not been so vigilant on finding the issues and informing its customer. The first communication went out within 15 minutes of the hack actually taking place. A pretty impressive response rate. Although customers did post their concerns they were quickly responded to by a lead developer requesting that they did not use MyEtherWallet. Those using the Google Public DNS were told not to access the wallet because the DNS servers were being directed to a bad server. The company behind MyEitherWallet also stated that the attack was not from their side but from the Google servers. It has been reported that the team behind the hack were pretty large – they had to be to be able to hijack Google. Google is yet to respond to questions regarding the attack today.
Google was extremely efficient this morning and servers were soon routed to where they should have been and back in full working order. Testing was still continuing throughout the day to ensure business returned to usual as soon as possible. The CEO of MyEther-Wallet was reluctant to confirm everything was resolved without being 100% sure that the DNS servers were working and that no more funds would be lost.
What Has Happened To The Funds?
At the moment, the $152,000 that has been taken is being broken up and distributed all over the place. The actions have been followed by Etherscan – the supplier of information to Blockchain – throughout the day. According to Etherscan, 216.06 ether were received through 179 transactions during the 15 minutes of the attack. Three hours later, 215 of those ether were sent to another address and since then have been split into smaller funds and distributed to several wallets. This is standard practice with hijacking so there are no surprises with what has happened to the money.
Sadly this is the way that the world is at the moment and hacks are now a lot more commonplace especially in Cryptocurrencies because of the vast amounts of numbers involved. Only back in November 2107, $264 million was locked in code after a hacker tried to break into Ethereum and changed some of the coding. Attempts are still being made now to try and release the huge amount. Today’s event certainly won’t be the last either. The main thing to push now is the education of the users. There are ways to ensure that hacks don’t take place but it means that customers need to understand that they have to opt for hardware wallets as well as use local versions of MEW. Using Public DNS sites are insecure and leave the user wide open for hijacks to take place. Hopefully, customers will learn as more money is lost and more users are affected.