Users of the popular MyEtherWallet (MEW) cryptocurrency wallet service were warned recently that they have been scammed. According to MEW, hackers were able to disrupt access to users’ wallets, stealing between $152,000 and $365,000 worth of Ether coins.
Unfortunately for MEW users, there is almost nothing that can be done. The crime can be reported to the police, but there is little chance of the money being recovered.
So how did the attack happen – and how can you protect yourself?
How the hack happened – DNS hijacking
You probably already know that every computer connected to the Internet has am IP address – a unique number to ensure that data is sent and received to the right computer. The Internet relies on a service called the Domain Name Service (DNS) which allows computers to “look up” those addresses when sending information.
DNS is like a huge digital phone book which every computer on the Internet refers to when communicating.
In the MEW attack, hackers were able to break into the DNS service at an ISP and change some of the addresses. When a user tried to access the MEW website, they were redirected to a phishing website. This fake website looked exactly like MEW’s, but when the user logged in nothing happened.
Behind the scenes, the website was recording users’ account details so that hackers could use them to log into the real MEW website and steal Ether coins from their victims.
The DNS hijack lasted just over 2 hours before normal service was restored.
Protecting against DNS hijacking
Unlike most cyberattacks, DNS hijacking does not touch your computer at all. Because the attack is directed at your ISP there is no tell-tale malware installed on your PC for instance. But there are ways to detect a problem.
Don’t ignore SSL certificate warnings
When MEW users first accessed the fake website, their browser would have raised a warning telling them that the site was insecure. MEW uses an SSL security to confirm that their site is genuine, and to encrypt customer data to stop it being intercepted by hackers.
The fake MEW site did not have this protection and users would have been warned before they logged in. Unfortunately many decided to ignore the message that would have saved them.
Use a VPN service to protect your web traffic
Usually we think of virtual private networking (VPN) as a way to connect to the network at work securely. The same technologies can be used to protect your home computer too however.
Using a VPN – like that included with a Panda Dome Premium subscription – have built in protection against DNS hijacking. Not only is all your web traffic encrypted to prevent theft, but the VPN uses a trusted DNS server so hackers cannot re-route your web traffic to fake websites.
For victims of the MEW hijacking, there is almost no chance that they will get their money back. But by using these tips, they can better protect themselves in future.
Upgrade your Internet protections today – download a free trial of Panda Dome Advanced here.