MyEtherWallet was recently caught up in the news due to a huge phishing attack that they survived in which almost 216 ETH were stolen. Before we proceed, what exactly is MyEtherWallet? MyEtherWallet (MEW) is a free, open source tool for creating wallets that work with the Ethereum platform. It uses the blockchain technology to make transactions.
A lot of users were in a mass frenzy since their Ethers were stolen. The company spoke openly about the phishing attack on their Twitter account. They claim that their website wasn’t hacked but instead there was a problem with the Google public DNS system. Further, they confirmed that Google’s Public Domain Name registration servers were hacked. So whenever any MEW user went onto the website, they were redirected to a phishing site and many as a result ended up losing their ETH.
Since the website does not store any personal information, including keys, the MEW has relinquished any responsibility for the attack. The company was seen defending itself and instead of blaming the users for their carelessness. They accused users of disregarding the warning pop up which indicated that the website is imitating the MEW portal.
The company is now taking some active steps to warn their users about this scam. They have asked the users to check for the green bar SSL certificate which reads MyEtherWallet Inc [US]. Apart from this, the users have also been advised to ignore any Reddit posts which claim to refund their ETH on behalf of MEW.
A lot of users are agitated with the company’s response and subsequent finger pointing towards the users after the attack. Kosala Hemachandra, who is the CEO of MyEtherWallet, said during an interview with Finance Magnets, that the phishing attack was unfortunate but that MEW was not going to take any responsibility for it since it was the users who ignored the warning sign. He says that MEW would only consider reimbursing the stolen money if the community collectively blamed MEW for the attack and if they found out that there was in fact, no warning pop up sign.
The company confessed to being a victim of several such phishing attacks on a daily basis since there are a lot of domain names similar to MEW’s. The company now plans to build a hardware wallet which would help create a P2P connection with MEW and the user’s private key, which will not leave their phone, thereby preventing them from falling prey to phishing attacks henceforth.