Service behind crypto wallet blames redirect to phishing site on DNS hijack


The MyEtherWallet service says that some of its visitors were redirected to a phishing site on Tuesday because attackers had hijacked a number of DNS servers. As a result, some users ended up on the malicious site and lost ether.

In its statement, MyEtherWallet makes no mention of victims, but writes that “affected users may have ignored an SSL warning on the malicious version of its site.” In other words, the phishing site did not present a valid certificate for the domain, so browsers warned before loading it. Because visitors logged in anyway, the attacker was able to steal ether, which it collected in its own wallet. 215 ether has recently been withdrawn from that wallet, which is approximately 115,000 euros at current rates.

According to security researcher Kevin Beaumont, the unknown attacker used BGP to redirect traffic destined for Amazon’s Route 53 DNS service through a server at Equinix in Chicago. As a result, users of MyEtherWallet, which Beaumont says is the only known victim so far, were redirected to the phishing site, which is hosted in Russia. According to Oracle’s Internet Intelligence, the redirect lasted about two hours.

Amazon said in a statement to Ars Technica that “neither AWS nor Route 53 has been acquired or hacked.” It continues: “An upstream ISP was taken over by an attacker who then used the provider to announce some of the Route 53 IP addresses to other networks with which this ISP was peered.” As a result, a small portion of one customer’s traffic was redirected to the malicious version of its site. Amazon has posted more information about the Route 53 incident on its status page.
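The mechanism Amazon describes, a foreign network announcing a DNS provider’s address space so that resolvers send queries to the wrong place, is what route-monitoring services alert on. The following is an added example, not code from the article or from any party mentioned in it: it compares constructed BGP announcements against an expected prefix-to-origin table and flags exact-prefix hijacks and more-specific announcements from an unexpected origin. The prefixes and AS numbers are documentation placeholders, not Amazon’s real ones.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

@dataclass(frozen=True)
class Announcement:
    prefix: str     # announced prefix, e.g. "192.0.2.0/24"
    origin_as: int  # AS that claims to originate the prefix
    source: str     # route collector or peer that observed it

# Authoritative view of which ASNs may originate which prefixes.
# CONSTRUCTED placeholders (RFC 5737 ranges, private ASN), standing in for
# a DNS provider's prefixes and its registered origin AS.
EXPECTED_ORIGINS: Dict[str, Set[int]] = {
    "192.0.2.0/24": {64500},
    "198.51.100.0/24": {64500},
}

def classify(ann: Announcement,
             expected: Dict[str, Set[int]] = EXPECTED_ORIGINS) -> Optional[str]:
    """Return None if the announcement is consistent with the expected
    origins, otherwise a short reason describing the anomaly."""
    seen = ipaddress.ip_network(ann.prefix, strict=False)
    for pfx, origins in expected.items():
        legit = ipaddress.ip_network(pfx)
        if seen.version != legit.version:
            continue
        if seen == legit:
            if ann.origin_as in origins:
                return None  # the registered origin announcing its own prefix
            return f"origin hijack: {ann.prefix} announced by AS{ann.origin_as} via {ann.source}"
        if seen.subnet_of(legit):
            if ann.origin_as in origins:
                return None  # more-specific from the owner: ordinary traffic engineering
            # Longest-prefix match means a foreign more-specific wins wherever it
            # propagates, pulling the covered addresses' traffic to the attacker.
            return f"more-specific hijack: {ann.prefix} (inside {pfx}) announced by AS{ann.origin_as} via {ann.source}"
    return None  # prefix is not one we monitor

def detect_hijacks(announcements: List[Announcement]) -> List[str]:
    """Run classify() over a feed and return only the anomalies."""
    return [r for a in announcements if (r := classify(a)) is not None]

# Constructed sample feed: one legitimate route, one foreign more-specific,
# one exact-prefix announcement from the wrong AS, one unrelated prefix.
SAMPLE_FEED = [
    Announcement("192.0.2.0/24", 64500, "collector-a"),
    Announcement("192.0.2.0/25", 64511, "collector-b"),
    Announcement("198.51.100.0/24", 64511, "collector-b"),
    Announcement("203.0.113.0/24", 64496, "collector-a"),
]

if __name__ == "__main__":
    for alert in detect_hijacks(SAMPLE_FEED):
        print(alert)
```

A real deployment would feed this from a route collector stream and treat the expected table as the operator’s own registered routes; the logic is the same check IRR/RPKI-based monitors perform.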

Equinix also responded to Ars Technica, stating that the server was not its own but belonged to a customer in its Chicago data center. According to Beaumont, it is unlikely that MyEtherWallet was the sole target of the attack. The attack, which the researcher describes as the largest yet to combine BGP and DNS hijacking, also ‘emphasises the vulnerability of the internet’.
