After denying earlier hijacking incidents, MyEtherWallet.com (MEW) admitted that its DNS servers were hijacked earlier today.
The attackers stole 215 Ethereum coins valued at approximately $152,000 which were deposited into a digital wallet with nearly $30 mln in currency, according to sources.
MEW users were redirected to a server hosted in Russia, which served a website using a fake certificate for nearly two hours between 11AM to 1 PM UTC.
The attackers used a BGP - a key protocol used for routing internet traffic around the world - to redirect traffic to Amazon’s Route 53 service.
MEW issued a statement acknowledging the breach earlier today, but sources say the company knew there were issues months ago.
Uni Banker, CEO of Blue Protocol (BLUE) says:
“We detected this exact problem in January. We saw these momentary blips and shared that information with MEW. They ignored it.”
Banker told CryptoComes in an interview that he checked the issue himself after learning from a co-worker that something was not right and notified MEW within hours.
After being ignored, Banker decided it was necessary to notify the public, and a series of tweets were posted Jan 8 to the company’s twitter handle @EthereumBlue, which has since been changed to @Blue_Protocol.
MEW claimed the attack was nothing more than malicious rumors, and that BLUE was trying to boost its coins.
MEW told Cointelegraph:
“MEW is not compromised. They [BLUE] are either maliciously spreading FUD to harm others, maliciously spreading FUD to boost their own coin’s price or just so incompetent and were confused. Regardless, its a stupid lie.”
BLUE says it has always tried to prevent security attacks and notified other companies about security issues.
“We found some security issues with Jaxx, another digital wallet site, and they immediately did a voice-chat with us and patched the problem shortly after and credited us in a tweet. MEW did not give us the opportunity.”