BGP hijacking: how to empty digital wallets

Last night, users of MyEtherWallet began to notice something strange. When they signed in to the service, they were presented with an unsigned SSL certificate and, of course, a browser warning.

It was unusual, but it was the kind of problem that some users tend to click through without thinking.

However, anyone who clicked through this certificate alert was redirected to a server in Russia, which emptied the user's wallet. Judging from the trading activity, the attackers appear to have already acquired more than 17 million dollars in Ethereum.

MyEtherWallet confirmed the attack in a statement on Reddit.

"We are currently in the process of verifying the servers to resolve this issue as soon as possible," the company told users. "We advise users to run a local (offline) copy of MyEtherWallet."

The attackers do not appear to have compromised MyEtherWallet itself. Instead, they used Internet infrastructure to intercept DNS requests for myetherwallet.com, which made the Russian server look like the legitimate owner of the address.

To intercept these requests, the attackers used a technique known as BGP hijacking. This technique spreads misleading routing information in order to capture traffic in transit. Typically, carrying out such a hijack requires compromising BGP servers operated by an ISP (Internet infrastructure provider). In this case, the hijacking happened at an ISP in Chicago, although the root cause is still unknown.

So far, MyEtherWallet is the only service confirmed to have been hit by this kind of attack.

BGP hijacking has long been known as a fundamental weakness of the internet. This story is a great example of what can happen when we act automatically, or impulsively, without thinking.
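
As an added example (not part of the original article), here is a defender-side check that flags misleading announcements of the kind described above by comparing each announcement's origin AS with the one expected for a monitored prefix. The prefixes, AS numbers and update records are constructed from documentation ranges, and the more-specific-prefix case goes beyond what the article describes.

```python
import ipaddress

# Constructed policy: monitored prefixes and the only AS expected to originate
# each one. Prefixes are RFC 5737 documentation ranges, ASNs are RFC 5398.
EXPECTED_ORIGINS = {"192.0.2.0/24": 64496, "198.51.100.0/24": 64497}

# Constructed route announcements: (prefix, AS path). The origin AS is the
# last element of the path.
SAMPLE_UPDATES = [
    ("192.0.2.0/24", [64500, 64496]),       # expected origin
    ("198.51.100.0/24", [64500, 64511]),    # same prefix, unexpected origin
    ("198.51.100.128/25", [64501, 64511]),  # more-specific, unexpected origin
    ("198.51.100.0/25", [64500, 64497]),    # more-specific, expected origin
    ("203.0.113.0/24", [64502, 64510]),     # not a monitored prefix
]


def classify(prefix, as_path):
    """Return (verdict, monitored_prefix) for one announcement."""
    if not as_path:
        return "invalid", None
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    for monitored, expected in EXPECTED_ORIGINS.items():
        mon = ipaddress.ip_network(monitored)
        if net.version != mon.version or not net.subnet_of(mon):
            continue
        if origin != expected:
            # A more-specific route wins longest-prefix match, so it pulls
            # traffic even while the legitimate route is still announced.
            kind = "origin-mismatch" if net == mon else "subprefix-origin-mismatch"
            return kind, monitored
        return ("ok" if net == mon else "unexpected-more-specific"), monitored
    return "unmonitored", None


def alerts(updates):
    """Return (prefix, origin AS, verdict) for announcements needing review."""
    out = []
    for prefix, as_path in updates:
        verdict, _ = classify(prefix, as_path)
        if verdict not in ("ok", "unmonitored"):
            out.append((prefix, as_path[-1] if as_path else None, verdict))
    return out


if __name__ == "__main__":
    for alert in alerts(SAMPLE_UPDATES):
        print(alert)
```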

See the certificate used:

Written by giorgos
