DNS Server Hijacking Results in Funds Being Stolen from Popular Crypto Website, MyEtherWallet

By CircleID Reporter

Close to 1300 IP addresses were hijacked this morning resulting in Amazon losing control of a number of its highly used cloud services. "The attackers appeared to use one server masquerading as cryptocurrency website MyEtherWallet.com to steal digital coins from unwitting end users," reports Dan Goodin in Ars Technica. "Tuesday's event may also have ties to Russia, because MyEtherWallet traffic was redirected to a server in that country… The redirection came by rerouting domain-name system traffic and using a server hosted by Equinix to perform a man-in-the-middle attack. MyEtherWallet officials said the hijacking was used to send end users to a phishing site… The attackers managed to steal only a small amount of currency from MyEtherWallet users, most likely because the phishing site used a fake HTTPS certificate that would have required end users to click through a browser warning."

Update April 27, 2018 – Statement provided by Equinix: "Equinix is based in Redwood City, California. The server used in this incident was not an Equinix server but rather customer equipment deployed at one of our Chicago IBX data centers. Equinix is in the primary business of providing space, power and a secure interconnected environment for our more than 9800 customers inside 200 data centers around the world. We generally do not have visibility or control over what our customers — or customers of our customers — do with their equipment. Our role is to provide the best environment possible for our customers to transform their business. Through our blog and other customer resources, we offer best practices and advice for our customers on a variety of topics related to their digital infrastructure deployment including security."

Related topics: Cyberattack, DNS

Comments