A recent MyEtherWallet vulnerability allowed hackers to reroute traffic to a phishing site, which led to a loss of around $150,000 worth of tokens. Whilst this, in part, highlighted weaknesses on the MyEtherWallet website, it is also symptomatic of inherent failings in how the internet fundamentally works. It is therefore hard for websites such as MyEtherWallet to fully prevent similar hacks, as doing so would require changing how DNS servers and IP address routing work.
This hack was made possible because some DNS servers were hijacked. DNS servers essentially tell your browser which IP address it needs to contact to display the website you are attempting to reach. When DNS servers are hijacked, the hackers behind it can instead reroute users to any website of their choosing, which most often ends up being a fraudulent one.
The anonymous hackers managed to hijack nearly 1300 IP addresses, which allowed them to map rogue destinations as the legitimate website MyEtherWallet.com. The IP addresses in question belonged to Route 53, Amazon's domain name system. It should be noted, however, that neither Amazon itself nor Route 53 was directly hacked; it would seem that an upstream ISP was affected.
Those affected by the hijacked DNS servers would have received an unsigned SSL certificate when they tried to access the page they were looking for. Whilst an unsigned SSL certificate is unusual and should certainly serve as a warning, many internet users routinely click through such warnings without much thought. In this case, users who did so were redirected to a Russian server that could empty their wallets. The hackers managed to make off with nearly $150,000, or 216 Ethereum tokens.
This is not the first instance of large portions of internet traffic being rerouted to destinations other than their intended ones. It has happened before and has affected many different companies in the past. So far it has not really been tackled, as it has only happened in rare instances and there have not been high stakes involved. However, as the adoption rate of cryptocurrencies continues to grow, the potential havoc that can be wreaked by DNS poisoning hackers should be noted. Admittedly, it remains comparatively hard to actually execute a successful DNS server attack, but such attacks are nonetheless possible. This is why users should always heed notices of unsigned SSL certificates, even if a DNS attack might seem improbable.
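The two defensive checks the article points at (noticing that a name resolves to an address it should not, and refusing to proceed on an untrusted certificate) can be automated. The following is an added example written for this page, not code from MyEtherWallet or Amazon: it compares the answers several independent resolvers give for a name against the operator's known address ranges, and builds a TLS client context that cannot be talked into accepting an unsigned certificate. The domain `wallet.example`, the resolver names, and the IP addresses and prefixes are constructed sample values, not the real MyEtherWallet infrastructure.

```python
import ipaddress
import ssl
from typing import Dict, Iterable

# Constructed sample data: the prefixes a site operator knows its records
# should point into, and the answers three independent resolvers returned
# for the same name. None of these values describe a real deployment.
EXPECTED_PREFIXES = {
    "wallet.example": [ipaddress.ip_network("203.0.113.0/24")],
}

SAMPLE_ANSWERS = {
    "wallet.example": {
        "resolver-a": "203.0.113.10",
        "resolver-b": "203.0.113.10",
        "resolver-c": "198.51.100.77",  # constructed: answer served via a hijacked path
    }
}


def unexpected_answers(name: str, answers: Dict[str, str],
                       expected: Dict[str, Iterable[ipaddress.IPv4Network]]) -> Dict[str, str]:
    """Return resolver -> IP for every answer that falls outside the known prefixes."""
    nets = list(expected.get(name, []))
    bad = {}
    for resolver, ip_str in answers.items():
        ip = ipaddress.ip_address(ip_str)
        if not any(ip in net for net in nets):
            bad[resolver] = ip_str
    return bad


def resolvers_disagree(answers: Dict[str, str]) -> bool:
    """True when the resolvers did not all return the same address."""
    return len(set(answers.values())) > 1


def assess(name: str, answers: Dict[str, str],
           expected: Dict[str, Iterable[ipaddress.IPv4Network]]) -> str:
    """Classify a set of resolver answers: 'ok', 'warn: ...' or 'suspect: ...'."""
    bad = unexpected_answers(name, answers, expected)
    if bad:
        # An address outside the operator's ranges is the signature of the
        # rerouting described in the article, whichever resolver served it.
        return "suspect: answers outside expected prefixes from " + ", ".join(sorted(bad))
    if resolvers_disagree(answers):
        return "warn: resolvers disagree but all answers are within expected prefixes"
    return "ok"


def strict_tls_context() -> ssl.SSLContext:
    """A client context that rejects untrusted or mismatched certificates.

    ssl.create_default_context() already verifies the chain against the
    system trust store; the two assignments below make the intent explicit
    so the context cannot later be relaxed by accident.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


if __name__ == "__main__":
    name = "wallet.example"
    print(name, "->", assess(name, SAMPLE_ANSWERS[name], EXPECTED_PREFIXES))
    ctx = strict_tls_context()
    print("check_hostname:", ctx.check_hostname, "verify_mode:", ctx.verify_mode)
```

Run against live resolvers, the `SAMPLE_ANSWERS` dictionary would be replaced by real lookups from several DNS providers; the value of the check comes from the resolvers sitting on different network paths, so a hijack of one path shows up as disagreement or as an address outside the expected range. A client built on `strict_tls_context()` raises an `ssl.SSLCertVerificationError` instead of presenting the kind of warning the article says users clicked through.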