[Update] MyEtherWallet says that it is now safe to use the site, and explains that the theft wasn't the result of a hack of the site itself, but of simple DNS spoofing: users were being taken to a phony MyEtherWallet site. MyEtherWallet reminds users to look for the green SSL certificate when visiting the site, before logging in.
[Original Story] Reddit users have been in a frenzy, spreading a warning across the internet that the popular web-based Ethereum wallet, MyEtherWallet, has been compromised.
It started on Tuesday, April 24, with one particular user who lost 0.9 ETH to the hack. While logging into MyEtherWallet, the user noticed that the site had an invalid connection certificate and thought it “was odd.” After double- and triple-checking the URL, and even confirming with EAL that it was not a phishing site, the user proceeded to log into MyEtherWallet. Less than ten seconds later, a transaction was made from the user’s wallet to another.
After the news spread, dozens of Reddit threads appeared as users awaited an official response from MyEtherWallet.
MyEtherWallet eventually tweeted a warning that a couple of its DNS servers may have been compromised and were redirecting users to a phishing site. The company is investigating which servers were affected and working toward a solution.
According to data from EtherScan, over $150K in Ether has been stolen as part of the hack. Over 179 transactions totaling 216.06 ETH were sent to one address, and 215 ETH of the 216.06 ETH were then moved to another wallet.
Users on Reddit are saying that Google’s Public DNS is currently resolving to the appropriate IP address, but MyEtherWallet has yet to follow up with a go-ahead to begin using the wallet again.
Until MyEtherWallet gives the green light, it is advised that users do not log into MyEtherWallet, or they risk having their account compromised and funds stolen. Even if your private keys are stored on a Ledger Nano S or Trezor, it is also advised that you do not use either of these with MyEtherWallet for the time being, as there is a risk of funds being redirected.