Web-based Ethereum (ETH/USD) wallet service MyEthereWallet (MEW) has been hacked.
Posting on Reddit, a user said hackers gained access to his account and like everyone else caught up in the hack, he had all of his funds drained.
MyEtherWallet admins detected the DNS hijacking event and attempted to warn users via Twitter.
Couple of DNS servers were hijacked to resolve https://t.co/xwxRJ4H4i8 users to be redirected to a phishing site. This is not on @myetherwallet side, we are in the process of verifying which servers to get it resolved asap.
— MyEtherWallet.com (@myetherwallet) April 24, 2018
MEW said “a couple of DNS servers were hijacked to resolve myetherwallet.com users to be redirected to a phishing site.”
At least 215 ETH (worth around $150,000) was transferred to the hacker’s wallet which was then moved to another address. The address has been labeled “Fake_Phishing899” and is accompanied by a warning on Etherscan that the account has been associated with phishing scams.
MyEtherWallet team tweeted that it was researching a DNS issue, but the exact scale of the problem is still not defined.
They also confirmed the attack on Reddit and stated it would be several hours before service would be fully restored.
MEW said the majority of the affected users were using Google DNS servers and recommended users to switch to Cloudflare DNS servers.
By Siranush Ghazanchyan