MyEtherWallet Hack Explained & Great Tips for Avoiding Hacks
Unfortunately there were a number of Ethereum users who were unknowingly conned out of a total of $150,000 worth of Ethereum.
This certainly isn’t the most money lost in any single hack, but regardless, it could have been prevented if those individuals were aware of and took seriously, certain safety protocols.
They lost funds because the hackers were able to reroute the traffic intended for MyEtherWallet and sent them instead to a malicious site which pretty much just absorbed the funds being stored in the wallets of the individuals who logged into their wallet via the malicious site.
It’s been noted that the most impressive aspect to this hack isn’t the amount of Ethereum taken, but instead how the hackers were able to identify and take advantage of certain internet protocols like the Domain Name System (DNS).
In defense of the legit MyEtherWallet site, there was a warning issued highlighting the invalid security certificate.
VIEW VIDEO HERE ^^^
There was a kind of tragic report from a man who apparently went to the MEW site and then * despite the security warning *, continued to log into his wallet and was greeted with a 10 second timer counting down the time until all of his funds would be transferred to the hacker.
Now that we generally know what happened, allow me to show you a pretty easy way to side step this situation altogether.
That way, you can have peace of mind knowing that you won’t be vulnerable to hacks like this in the future when you want to use MyEtherWallet in particular.
It’s pretty cool, essentially you can download an offline version of MyEtherWallet.
This means you don’t need to trust that the web servers are directing you to the legitimate MyEtherWallet web page.
Here’s how you do it:
Go to the MyEtherWallet GitHub.
Find and click on the etherwallet .zip file in order to download it.
You should then move this file onto a USB drive so that you can then plug it into your offline computer in the future.
Once your computer is disconnected from any internet connection, or if you want to use this on a computer that has never had access to the internet in the first place, you can plug in this USB drive and extract these files onto your computer.
Once you’re ready to interact with this offline version of MyEtherWallet, you can do so by selecting the index.html file which will open your web browser (even if you are not connected to an internet connection.)
From here you’ll be able to generate new wallets and send transactions by using the “Send Offline” section, all while being disconnected from the internet.
The MyEtherWallet team does reccommend periodically updating your now local version of MEW since they do update the actual website from time to time.
Additional Reading/Sources/Links:
More about the newest hack
MyEtherWallet GitHub
MEW guide for Offline access
This is why I always use a hardware wallet and very rarely access it. I know what I own and have no bed to constantly Check in on it.
@crypto2crypto, I have not the slightest idea what a wallet was. you explain me? I am new in this world.
Great stuff! My friend got hacked in MEW! Scary shit! Thanks for sharing! You are really pretty! :)
Hi Heidi!
As always thanks a lot for the amazing content.
That hack shows us that we have to be very careful and always try to stay as secure as possible to not lose all our funds in the crypto world. There are still so much vulnerabilities in the revolution which shows us that we are still in the beginning.
Thanks a lot for the offline version of MEW. Really cool.
thanks friends, this is very helpful to us. because in this period of time a lot of hackers who target all the money we have. including in steemit also so friends.
Hey lost my wallet weeks back, I wasn't well guided Sha but I hope to open one soon thanks for the tip
I feel very sorry for the people who lost their funds. The only we can do is to learn from these mistakes and put changes in place to avoid these situations in the future. This is a great read for everyone.
Upvoted. Thanks for sharing. But how did they reroute funds? My concern is that if they can reroute that website, then why not also Steemit? Now, Steemit has keys (passwords). It has a master password. In other words, Steemit has that security system, about 4 different keys for each Steemit user.
Maybe, Steemit is safer because of that. Maybe the MyEtherWallet website lacks that same blockchain system which maybe can keep us away from hacks, reroutes, etc.
I know a little bit of code. i do some web design. I'm not an expert but I understand a bit. I have heard before of possible, potential, dangers, that websites can have if they are hacked, or if you accidentally submit passwords into the wrong websites which then takes your passwords to log into the real websites to steal your money, accounts, etc. They say online exchanges, like Bittrex, may be dangerous if people got into that to take your money out of that.
So, is Bittrex or Steemit a little bit safer than MyEtherWallet or are they all equally as dangerous? I am trying to understand how hackers reroute. Do the hackers intercept transactions between you and the actual servers of the websites?
But I do agree that offline wallets are better.
Hi! I will upvote and resteem your post to my 35,000+ followers if you reply to this comment.
👍🏻 a-0-0
Good thing I've never been hacked in cryptospace. I don't know why this kind of things happen to other people.
Thanks for this post.