Messages confirmed - MyEtherWallet was hacked

Initial messages on Reddit regarding the new hack of MyEtherWallet have been posted in the early evening of 24 April 2018 (European time). Several hours later, they have been confirmed by the media sources and the management of this financial company.

Hackers stole $150,000 from the user wallets, but the security breach has already been fixed, service owners state. The hack was conducted in the form of DNS addresses interception with the subsequent redirection of all visitors to a fake or phishing website designed specifically for this case by malefactors in advance. Usernames and passwords were becoming known to the anonymous criminal group right after the login button was pressed.

And while the security breach has already been eliminated, the money of users would not be easy to return: thanks to the transparent structure of Ethereum blockchain, users could clearly see how the money has been transferred to designated wallets at first, and then they have been shared to even more wallets, likely to confuse investigators.

MyEtherWallet has already been hacked in October last year, and hackers used the same method of deception of users of this service. But that phishing site was visited not through a malicious DNS hijack, instead, the criminal email campaign was the main source.

Image: CoinCentral