Bumble

Ethereum Wallet Hack

Yesterday there was an elaborate attack perpetrated against users of the MyEthereumWallet software. Many users lost their entire holdings of ethereum. Contrary to initial reports, it was not the MyEthereumWallet servers themselves that were hacked, but a hijacking of the Border Gateway Protocol that directs traffic to those servers. The only warning users had was a certificate error, and even that might have been avoided if the attackers had managed to source a fake certificate. There is a brief explanation of it here: https://www.reddit.com/r/ethtrader/comments/8enz0g/how_the_myetherwallet_hack_happened/?st=jgelvb8o&sh=859820a8

This really goes to show how far away cryptos still are from being something ordinary folks can use without becoming a lot more security conscious.


The whole point of certificates is to warn users of this sort of thing. While acknowledging the technical accomplishment of this attack, it's more challenging to fake a valid certificate. This episode shows that people ignore warnings and carry on; this attack could easily have been on a regular bank.

32 minutes ago, Martlet said:

The whole point of certificates is to warn users of this sort of thing. While acknowledging the technical accomplishment of this attack, it's more challenging to fake a valid certificate. This episode shows that people ignore warnings and carry on; this attack could easily have been on a regular bank.

Similar attacks to this have been used on several different payment types, just not in this way. I agree that the main issue was people ignoring security warnings. It could have very easily been a major bank - only difference is that there is no reversal of funds in crypto despite clear ownership chains. 


Even security certificates are not as secure as you might hope. Signing authorities can be hacked or tricked into issuing certificates to fakers. Also, browsers by default are set to trust a lot of certificate issuers. I just checked my default installation of Firefox and found that I am trusting the China Financial Certification Authority, the Chunghwa Telecom Co., several Turkish companies, and a few others I'm dubious about. I bet most people don't remove all the dodgy entries from their installed certificates, or are even aware that they are there.

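Added example, not part of any post in this thread: a small Python audit that groups trusted root certificates by country and owning organisation and lists expired ones, the kind of review the last post describes doing by hand. It reads the OS/OpenSSL trust store that Python uses (Firefox keeps its own separate store), and the sample entries and organisation names are constructed for illustration.

```python
import ssl
from collections import Counter
from datetime import datetime, timezone

# Constructed sample in the shape returned by SSLContext.get_ca_certs();
# the organisations below are made up for illustration.
SAMPLE_ROOTS = [
    {"subject": ((("countryName", "US"),), (("organizationName", "Example Trust Co"),),
                 (("commonName", "Example Root R1"),)),
     "notAfter": "Jan  1 00:00:00 2035 GMT"},
    {"subject": ((("countryName", "US"),), (("organizationName", "Example Trust Co"),),
                 (("commonName", "Example Root R2"),)),
     "notAfter": "Jun 30 12:00:00 2020 GMT"},
    {"subject": ((("commonName", "Sample Legacy Root"),),),
     "notAfter": "Dec 31 23:59:59 2040 GMT"},
]

def name_attr(name, key):
    """Return the first value of `key` in an ssl-style name tuple, or None."""
    for rdn in name:
        for attr, value in rdn:
            if attr == key:
                return value
    return None

def summarize_roots(ca_certs, now=None):
    """Count trusted roots per (country, owner) and list the expired ones."""
    now = now or datetime.now(timezone.utc)
    per_owner, expired = Counter(), []
    for cert in ca_certs:
        subject = cert.get("subject", ())
        owner = (name_attr(subject, "countryName") or "??",
                 name_attr(subject, "organizationName")
                 or name_attr(subject, "commonName") or "(unnamed)")
        per_owner[owner] += 1
        not_after = datetime.fromtimestamp(
            ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
        if not_after < now:
            expired.append(name_attr(subject, "commonName") or owner[1])
    return per_owner, expired

if __name__ == "__main__":
    # Live run: the OS/OpenSSL store Python uses, not Firefox's own store.
    roots = ssl.create_default_context().get_ca_certs() or SAMPLE_ROOTS
    per_owner, expired = summarize_roots(roots)
    for (country, org), n in sorted(per_owner.items()):
        print(f"{country}  {org}  ({n} root{'s' if n != 1 else ''})")
    print(f"{len(per_owner)} distinct owners, {len(expired)} expired roots")
```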