Yesterday we reported live about an attack on the users of the site MyEtherWallet (MEW). Meanwhile, the hustle and bustle. What happened? How can you protect yourself?
The Website MyEtherWallet offers its users the possibility to interact with the Ethereum block Chain. This means, you can interact with Smart Contracts, for participation in an ICO that takes place as a ERC20-Token. MEW is regarded for these purposes as one of the focal points in the Internet.
Man-In-The-Middle attack on MEW
All the more dramatic had the messages yesterday like wildfire through the Internet widespread: “attack on MyEtherWallet! For the time being, do not use!“. The attack began at about 12 a.m. UTC and lasted for about two hours.
It was specifically targeted to MyEtherWallet and users had to fear for your Ether (ETH). The attacker use for his purposes BGP is a Protocol for routing of Internet traffic between Internet Service Provider (ISP). Thus, he directed the traffic to its own DNS, and the user to a fake Website.
The attack was a classic “Man In The Middle Attack” – a decades-old technology. The safety gap was not to MyEtherWallet, but to the known vulnerabilities of BGP.
Cypher punk legend Nick Szabo seize the opportunity to be on the vulnerabilities of Web Wallets. You want to keep the money in safety, should you do not online.
So you can protect yourself:
For the safety of one’s own money, there are two – relatively simple – steps:
- Always make sure that the SSL certificate is, to the left of the URL bar seen is green. The certificate is painted red and that is a compromised Website.
- MyEtherWallet locally on the Computer, install and run it from there. MEW is a Browser application, i.e., also in the case of a Download to use MEW over the Browser of choice. However, you can be so sure that you will be not redirected by a malicious attacker on a third party site.
Where is the attacker?
In the world of the transparent block chains to track down the stolen Ether – 215 ETH, to be exact – track. This is the address the money went first. Who is funny, can keep track of the trail itself in the block Explorer. The attacker does not seem to be arm, one of the addresses has been stored for approximately 16 million US dollars. In the case of a market price of 650 US dollars, the resulting damage amounts to around 140,000 US dollars.
The Hack is to compare the size with others. The equivalent of 670 million US dollars were stolen in the year 2018, already of hackers and Scammers. Who has up to now taken no safety precautions, one should take the MEW-Hack occasion.