MEW Hack Aftermath: Security tips to avoid losses
One of the mostly used Ethereum wallets, MyEtherWallet or just MEW for short, got compromised on April 24th. MEW seemed to have faced a DNS attack. Malware script that infected MEW’s services automatically sent user funds to the attacker ETH address once the user logged in to his or her wallet.
Incident was promptly reported in Reddit and the bad news quickly spread through Twitter and other social media channels to the cryptocurrency community.
||Domain Name System (DNS) attack || (noun) — a purposeful exploit by an attacker to take advantage of vulnerabilities in the website’s domain name. During the hack, the offender tries to overbar a server with fraudulent traffic data, overwhelming server resources and impeding the ability to service requests.
Online community debated how and who could have breached MEW’s security protocols and on the same day official MyEtherWallet account tweeted: “Google Domain Name System registration servers were hijacked earlier today at roughly 12 PM UTC so that MEW users were redirected to a phishing site.” Apparently, the mentioned redirection of DNS service is an ancient method to mess with internet’s routing mechanisms.
Following the MEW hack and other malicious attacks repeatedly making news in the media, we decided to come up with a Hack cheat sheet. Here are a few pointers to keep in mind regarding your level of security when dealing with cryptocurrencies and tokens:
1. Always check for SSL Certificate. SSL Certificates are data files that encrypt information and allows secure connections from the server to the internet browser. The certificate is usually indicated by a padlock or the word ‘Secure’ next to the domain address. This does not ensure that the site is legit, only that your connection to it is encrypted.
2. Copy & paste addresses instead of typing. Might look like a self-evident advice, but trust us, you don’t want to accidentally send your coins to the abyss on the cloud where it can never be retrieved from again. People have done it, they’re not impressed with the results. Don’t become one of them.
3. Make a small test transaction before sending large amounts. Another trick to increase the likelihood of a successful interaction is to make a small transfer first. Send a minimal cryptocurrency amount such as 0.001 ETH. Wait for the transaction to be confirmed on the blockchain, get a receipt response from the person you’re sending the funds to and then carry on to make larger transactions. This is a simple strategy to test and ensure that your funds go where you want them to.
4. Secure your private keys. This is critical. Do not keep your keys unsecured. If a hacker gets a hold of your private key, your funds may be sent from your wallet to the attacker’s address and that will be the last time you’re going to see these coins. You can use an encrypted drive, a hardware wallet such as Nano Ledger S or go the old fashioned way — write your private key on a piece of paper and store it safely in a security deposit box or your mattress. Your call.
5. Check destination website URLs when clicking on links. Phishing sites use similar URLs to build a fake website clone and lure naive users to provide passwords and logins of their respective accounts. Always double-check website URL to see if you’re not involved in an online fraud.
6. Do not send ICO contributions from exchanges. In most cases, ICOs do not allow token sale participants to send contributions from exchanges and require to use wallets. Always consult with Team members of the ICO you want to invest in. It is always better and more effective to avoid mistakes rather than solve their consequences. Stay safe.
7. ORCA team members will not contact you directly to offer deals or sell tokens. No representatives of ORCA Alliance has the right or intent to contact people and propose bonus deals for the token sale. When dealing with ORCA team or community managers always require them to prove identity. Do that either by connecting through LinkedIn or messaging in {ORCA’s official Telegram Group](https://t.me/ORCAalliance). Please report all suspicious attempts and potential fraud cases to [email protected] or contact one of the community managers in Telegram.
For more tips on security and crowd sales, join ORCA’s Telegram group and ask away — our ever-alert admins will answer all your questions.
By the way, ORCA whitelist is open, visit www.orcaalliance.eu and reserve your seat — early contributors will be awarded. Do not miss out on your chance.