New information on the MyEtherWallet hack arose showing that the hackers had a significant amount of resources before performing their attack.
After careful investigation of the recent MyEtherWallet hack, reports show that the attackers had a stash of Ether worth over $17 million. In addition to this, Cryptovest.com found more details related to the incident, including the attack vector used for poisoning the myetherwallet.com DNS.
On Tuesday, between 11am and 1pm UTC, the way the internet routed people to IP addresses was partially compromised after what is presumed to be a group of hackers took advantage of the Border Gateway Protocol—a crucial backbone used to route traffic in the internet—to insert malicious routes on Amazon’s Route 53 service.
Because the system is responsible for so much traffic on the internet, it relies on several “trusted” DNS providers to give users the information they need to resolve the domain names of the servers they need to connect to. Amazon Route 53 is by far one of the most crucial, directing traffic for websites like Twitter. The attack was initiated when hackers used a man-in-the-middle technique to hook onto one of Equinix’s servers in Chicago.
“So far the only known website to have traffic redirected was to MyEtherWallet.com, a cryptocurrency website. This traffic was redirected to a server hosted in Russia, which served the website using a fake certificate—they also stole the cryptocoins of customers,” wrote Kevin Beaumont, an independent cybersecurity researcher.
We have no evidence at this moment that any other websites were affected. However, as Beaumont explains in his blog, it is suspicious for hackers that possess a total of over $17 million in Ether to go through this much effort just to steal $150,000.
This is by far the most sophisticated crypto-related hacking incident yet; taking control of one of the major backbones of the internet to siphon cryptocurrency from people’s wallets.
For all we know, this could have been a test run. The likelihood of another attack is high enough that it might have the cybersecurity community following them for the foreseeable future.
Source: Read Full Article