Update: MyEtherWallet Hackers May Have Targeted Other Websites

A security researcher has warned that the attack on MyEtherWallet may not be end and the hackers may be eyeing other websites.

Komfie Manalo,
50 mins ago


.modalimagetarget:hover {opacity: 0.7;}

.modalImg {
display: none;
position: fixed;
z-index: 10000;
padding-top: 100px;
left: 0;
top: 0;
width: 100%;
height: 100%;
overflow: auto;
background-color: rgb(0,0,0);
background-color: rgba(0,0,0,0.9);

.modalImg .modal-content {
margin: auto;
display: block;
width: 80%;
max-width: 700px;

.modalImg .caption {
margin: auto;
display: block;
width: 80%;
max-width: 700px;
text-align: center;
color: #ccc;
padding: 10px 0;
height: 150px;

.modalImg .modal-content, .modalImg .caption {
-webkit-animation-name: zoom;
-webkit-animation-duration: 0.6s;
animation-name: zoom;
animation-duration: 0.6s;

@-webkit-keyframes zoom {
from {-webkit-transform:scale(0)}
to {-webkit-transform:scale(1)}

@keyframes zoom {
from {transform:scale(0)}
to {transform:scale(1)}

.modalImg .close {
position: absolute;
top: 15px;
right: 35px;
color: #f1f1f1;
font-size: 40px;
font-weight: bold;
transition: 0.3s;

.modalImg .close:hover,
.modalImg .close:focus {
color: #bbb;
text-decoration: none;
cursor: pointer;

@media only screen and (max-width: 700px){
.modalImg .modal-content {
width: 100%;

The hacking attack on MyEtherWallet site on Tuesday morning may not be the end of it as the perpetrators could be targeting other websites even at this time, warned UK-based security researcher Kevin Beaumont in his blog post.

Beaumont said the attack was not discovered until after the hackers stopped, adding they appear to have the capability to launch a similar offensive in the future.

The researcher wrote in his blog post:

“Mounting an attack of this scale requires access to BGP routers are major ISPs and real computing resource to deal with so much DNS (domain name system) traffic. It seems unlikely MyEtherWallet.com was the only target when they had such levels of access.”

$150,000 in Ether lost

Users of MyEtherWallet became victims of a sophisticated cyberattack when criminals hijacked Google’s public DNS servers and diverted them to a wrong IP address for their MEW wallet website. Visitors to the site were sent to a Russian web server instead of the usual CloudFront content distribution network address.

Believing they were on the right MEW website, users provided the private wallet keys, allowing the hackers to steal important information plus some 215 Ether valued at about $150,000 from at least 180 transactions at the address that was eventually distributed to several addresses.

It is believed that the hackers quickly laundered the stolen Ether using another digital currency.

Etherscan, a service provider allowing people to find data on their Ethereum blockchain transaction and addresses, said the hackers used a “Fake_Phishing899” address.

MyEtherWallet confirmed the attack on its website and blamed "a decade-old hacking technique [whereby] hackers find... vulnerabilities in public-facing DNS servers," insisting that the incident was "not due to a lack of security on the @myetherwallet platform."

It went on to say:

“A majority of the affected users were using Google DNS servers. We recommend all our users to switch to Cloudflare DNS servers in the meantime. Affected users are likely those who had clicked the ‘ignore’ button on an SSL warning that pops up when they visited a malicious version of the MEW website.”

$670 million in cryptocurrencies lost to hackers so far this year

The latest attack on MyEthereumWallet underscores the lucrative business of hacking and scamming, with the latest data from Crypto Aware showing that some $670 million worth of digital currencies was lost to criminals so far this year.

According to Crypto Aware, the amount represents almost 40% of all digital assets stolen between 2011 and 2018.