• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

MyEtherWallet DNS Hack Causes 17 Million USD User Loss

April 29, 2018

Views: 5,488

Big news in the crypto scene this week was that the MyEtherWallet DNS Hack that occured managed to collect about $17 Million USD worth of Ethereum in just a few hours.

MyEtherWallet DNS Hack Causes 17 Million USD User Loss

The hack itself could have been MUCH bigger as it actually involved compromising 1300 Amazon AWS Route 53 DNS IP addresses, fortunately though only MEW was targetted resulting in the damage being contained in the cryptosphere (as far as we know anyway).

Crooks today hijacked internet connections to Amazon Web Services systems to ultimately steal a chunk of alt-coins from online cryptocurrency website MyEtherWallet.com.

The Ethereum wallet developer confirmed on Tuesday morning that thieves redirected DNS lookups for its dot-com to a malicious website masquerading as the real thing. That meant some people logging in to MyEtherWallet.com were really connecting to a bogus site and handing over their details to criminals, who promptly drained ETH from their marks’ wallets.

Victims had to click through a HTTPS error message, as the fake MyEtherWallet.com was using an untrusted TLS/SSL certificate. The bandits have amassed $17m in Ethereum in their own wallet over time.

Crucially, this DNS hijacking was possible after miscreants pulled off a classic BGP hijacking attack on AWS. MyEtherWallet.com uses Amazon’s Route 53 DNS service so that when people try to visit the dot-com, AWS looks up and returns to web browsers the IP addresses of the wallet website’s web servers.

Between 11am and 1pm UTC today, someone was able to send BGP – Border Gateway Protocol – messages to the internet’s core routers to convince them to send traffic destined for some of AWS’s servers to a renegade box in the US.

That rogue machine then acted as AWS’s DNS service, and gave out the wrong IP addresses for MyEtherWallet.com, pointing some unlucky visitors to the dot-com at a phishing site that stole their money.

It’s a shame people aren’t more careful as the SSL certificate wouldn’t match, so there was a browser warning for everyone that visited. I saw one guy that lost 85 ETH, which is a fairly significant amount for anyone.

As far as attacks go it’s a fairly sophisticated one targetting DNS and using BGP hijacking to route the traffic to an owned box in the US.

Of course BGP takes and DNS Hijacks are nothing new and have been going on for years like the mass domain hijacking via the Gandi.net DNS hack.

“As soon as I logged in [to myetherwallet.com], there was a countdown for about 10 seconds and a transfer was made sending the available money I had on the wallet to another wallet,” wrote one victim of today’s crypto-cash heist.

“I have no idea what happened. I barely download things and thought I was careful enough at least to avoid problems.”

BGP hijacking is, sadly, decades old, and has proven a reliable technique for criminals and other scumbags over the years.

In this case, it is thought the thieves used a compromised Equinix-hosted server in Chicago to capture traffic rerouted from AWS’s Route 53 DNS service. Technically, the miscreants behind the hijacking could have snatched control of all sites using Route 53 for DNS. The impact of the hijacking could have been a lot worse than a raid on ETH money stores.

The malicious phishing site was hosted in Russia. The only indication something was amiss was the self-signed certificate the phishing page presented, when people tried to connect to MyEtherWallet.com.

It is claimed the network block AS10297, belonging to Ohio-based website hosting biz eNet, announced it could take over traffic destined for some of AWS’s IP addresses. eNet peers with big-name carriers Level 3, Hurricane Electric, Cogent, NTT and others, and is therefore plugged into the internet’s backbone. eNet was well placed to alter part of the world’s internet plumbing to redirect connections to Route 53’s DNS service, in other words.

It’s highly likely someone took eNet’s systems on a joyride – ie: without permission – to make this routing adjustment announcement.

The attack is now believed to have been addressed, with the routes restored, although some DNS caches may still hold the wrong IP addresses for Myetherwallet.com for a while. The site is advising customers to use caution and, if possible, keep their wallets offline. The website is also advising punters to switch their DNS settings from Google’s DNS servers to those of Cloudflare, which seemed to have ignored today’s switcheroo.

This is not the first time MEW has been targetted and it definitely won’t be the last, it’s a fairly high-profit target as this attack as shown – so we will see more focused attacks on it in the future.

The crypto space is the wild wild west right now as it goes, one of the downsides of decentralization is that everyone is control of their own private keys and thus funds, opening them up to all kinds of scams, phishing attacks and DNS attacks like this one.

It will get better as the space matures, but if you’re in the space – make sure your opsec is solid.

Source: The Register

Related Posts:

  • Ethereum Parity Bug Destroys Over $250 Million In Tokens
  • An Introduction To Web Application Security Systems
  • TeamViewer Hacked? It Certainly Looks Like It
  • Malaysia Telco Hack - Corporations Spill 46 Million Records
  • Another Week Another Mass Domain Hijacking
  • Understanding the Deep Web, Dark Web, and Darknet…
Share
Tweet95
Share
Buffer24
WhatsApp
Email
119 Shares

Filed Under: Hacking News Tagged With: cryptocurrency, myetherwallet



Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

Defending Against Malicious Botnets in 2025 Automated Traffic Threats and Mitigation

Defending Against Malicious Botnets in 2025 Automated Traffic Threats and Mitigation

Views: 179

Automated internet traffic will now overtake human activity, presenting sophisticated cyber threats … ...More about Defending Against Malicious Botnets in 2025 Automated Traffic Threats and Mitigation

TREVORspray - Credential Spray Toolkit for Azure, Okta, OWA & More

TREVORspray – Credential Spray Toolkit for Azure, Okta, OWA & More

Views: 342

TREVORspray is a purpose-built password spraying utility designed for red teams and offensive … ...More about TREVORspray – Credential Spray Toolkit for Azure, Okta, OWA & More

Force Push Scanner - Hunt GitHub Dangling Commits for Leaked Secrets

Force Push Scanner – Hunt GitHub Dangling Commits for Leaked Secrets

Views: 349

Force Push Scanner is an offensive security tool that identifies secrets inadvertently left in … ...More about Force Push Scanner – Hunt GitHub Dangling Commits for Leaked Secrets

Emerging Darknet Marketplaces of 2025 Anatomy Tactics & Trends

Emerging Darknet Marketplaces of 2025 Anatomy Tactics & Trends

Views: 5,500

Darknet marketplaces remain central to illicit trade in 2025, with evolving business models, payment … ...More about Emerging Darknet Marketplaces of 2025 Anatomy Tactics & Trends

Caracal - Rust eBPF Rootkit for Stealthy Post-Exploitation

Caracal – Rust eBPF Rootkit for Stealthy Post-Exploitation

Views: 519

Caracal is a new Rust-based eBPF (extended Berkeley Packet Filter) rootkit that provides a stealth … ...More about Caracal – Rust eBPF Rootkit for Stealthy Post-Exploitation

Windows_EndPoint_Audit - Endpoint Security Auditing Toolkit

Windows_EndPoint_Audit – Endpoint Security Auditing Toolkit

Views: 575

Windows_EndPoint_Audit from ITAuditMaverick introduces a powerful method for offensive security … ...More about Windows_EndPoint_Audit – Endpoint Security Auditing Toolkit

Topics

  • Advertorial (28)
  • Apple (46)
  • Cloud Security (2)
  • Countermeasures (231)
  • Cryptography (84)
  • Dark Web (1)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (432)
  • Forensics (65)
  • GenAI (4)
  • Hacker Culture (9)
  • Hacking News (231)
  • Hacking Tools (688)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (74)
  • Malware (240)
  • Networking Hacking Tools (353)
  • Password Cracking Tools (105)
  • Phishing (41)
  • Privacy (219)
  • Secure Coding (119)
  • Security Software (236)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (170)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker Hacker – Download brutus-aet2.zip AET2 (2,333,840)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,173,359)
  • Top 15 Security Utilities & Download Hacking Tools (2,096,839)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,199,813)
  • Password List Download Best Word List – Most Common Passwords (933,804)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (776,476)
  • Hack Tools/Exploits (673,480)
  • Wep0ff – Wireless WEP Key Cracker Tool (530,461)

Search

Recent Posts

  • Defending Against Malicious Botnets in 2025 Automated Traffic Threats and Mitigation July 16, 2025
  • TREVORspray – Credential Spray Toolkit for Azure, Okta, OWA & More July 14, 2025
  • Force Push Scanner – Hunt GitHub Dangling Commits for Leaked Secrets July 11, 2025
  • Emerging Darknet Marketplaces of 2025 Anatomy Tactics & Trends July 9, 2025
  • Caracal – Rust eBPF Rootkit for Stealthy Post-Exploitation July 7, 2025
  • Windows_EndPoint_Audit – Endpoint Security Auditing Toolkit July 4, 2025

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2025 Darknet All Rights Reserved · Privacy Policy