BGP hijacking: Last night, MyEtherWallet users started noticing something strange. Upon connecting to the service, an unsigned SSL certificate and of course a warning were displayed.
It was unusual, but it was the kind of problem that usually some react without thinking.
But anyone who clicked on that certificate warning was redirected to a server in Russia, which emptied the digital wallet (wallet) του χρήστη. Κρίνοντας από τη δραστηριότητα των συναλλαγών, οι επιτιθέμενοι φαίνεται να αποκτήσει ήδη περισσότερα από 17 εκατομμύρια δολάρια σε Ethereum.
MyEtherWallet confirmed the attack on a statement at Reddit.
"We are currently in the process of verifying the servers to resolve this issue as soon as possible," the company told users. "We advise users to run a local (offline) copy of MyEtherWallet."
The attackers did not appear to have violated MyEtherWallet itself, but used an Internet infrastructure blocking myetherwallet.com's DNS requests. So they made the Russian server look like the legitimate owner of the address.
To intercept these requests, hackers used a technique known as BGP hijacking. This technique spreads incorrect routing information for the subtheft of movement during transport. Typically, using such a hijacker requires hacking BGP servers operated by an ISP (Internet Infrastructure Provider). In this case, an ISP from Chicago was hijacked, although the root of the evil is still unknown.
So far, MyEtherWallet is the only confirmed service to have this kind of attack.
Let's say that BGP hijacking has long been known as a fundamental weakness on the internet. History is a great example of what can happen when we operate automated, or impulsively without thinking.
See the certificate used: