MyEtherWallet was a red-hot topic a few days back due to a phishing attack in which almost 216 ETH were stolen. The team spoke about the phishing attack on Twitter and gave more insight into what exactly went wrong. The team also clarified that the website wasn’t hacked and that it was a phishing attack that took place because the Google public DNS was compromised.
Kosala Hemachandra, the founder of MyEtherWallet, spoke with Finance Magnates about the phishing attack, cybersecurity in the crypto space, and the future of MyEtherWallet.
According to the founder, this is what happened: “In layman’s terms, someone broke the internet to phish MyEtherWallet,” Kosala said. Essentially, a major server was compromised so that users who were trying to reach the MyEtherWallet site were redirected to a fake duplicate site.
“For two hours, all the [MEW] traffic that goes through Amazon servers was redirected to a server in Russia,” Kosala said. The problem happened “within the core system of the internet structure.”
“We can only mitigate, and we can only make it harder for people to do things like this, but I honestly don’t think there’s a hundred-percent complete fix that will come out within the foreseeable future,” he explained.
The team further added that the majority of the people affected by the attack were using Google DNS servers and that these users ignored the warning pop-up, which clearly indicated that the website was imitating the MEW portal.
The team has also advised users to make sure that there is a green bar SSL certificate which says ‘MyEtherWallet Inc [US]’ and has asked them to ignore any portals or Reddit posts that claim to be reimbursing the stolen ETH on its behalf.
He further added that MEW faces an enormous number of phishing attacks every day. There are 6500+ domain names similar to MEW. To avoid these attacks, they are planning on creating a hardware wallet which will be free to download and use. It will help create a P2P connection with MEW, and the user’s private key will not leave their phone.