Domain Name System (DNS) redirecting of MyEtherWallet

  • This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Adriaan Admin

Staff member
Jan 30, 2018
This week there was a serious phishing attack where hackers hijacked about 20% of Google DNS and redirected Myetherwallet users to the a hackers IP instead of the real Myetherwallet website; to the user the displayed URL matched with the official URL of MEW.. Users who logged in, despite the security certificate error that appeared in the browser, with their password or private key credentials found that their funds were stolen. Users who logged in with their hardware wallet or Metamask were generally safe. Currently the issue has been resolved so it is relatively safe again to use MEW. Important security lessons can be learned from this, because this phishing attack was possible to an inherent vulnerability in the internet, so something similar can potentially happen again on any other domain:

1. Always check the domain name very carefully if it matches AND check to see if the security certificate is valid.
2. If there is a security certificate error visible in the browser, do not proceed and close your browser.
3. If you only want to check your balance; use a blockchain explorer to view; try to avoid logging in to your wallet unless you really want to make a transaction
4. Use a hardware wallet or, in case of MEW, use at least Metamask as the way to transact with MEW. It is also possible to download MEW from Github and run it locally, so you don't need to access your MEW wallet online.
5. If you use a hardware wallet for transactions: always double check by comparing the destination address that is shown on your hardware wallet display before you confirm a transaction. If the device shows a different address than it should be; then there has been a compromise, either by a phishing attack, a hack or a virus. Abort the transaction.

Ofcourse there are many more security tips, but these are just the most important ones with regards to this specific phishing attack. Hopefully this benefits your security improvements. Keep your crypto safe!
Last edited:
Jun 12, 2018
Always check the domain name very carefully if it matches AND check to see if the security certificate is valid. This is very first we should need to check in every step