Thinking about purchasing a Ledger Nano Hardware Wallet? Browse their official website: https://www.ledgerwallet.com/r/67ef

Want to join coinbase to begin your crypto journey? Here’s a link to get free $10: https://www.coinbase.com/join/558828dc34383271a500003b

Step up your game and Check Out Binance too: https://www.binance.com/?ref=10080191

Join the Robinhood app and invite your friends to Robinhood and win free stock. Here’s my invite: http://share.robinhood.com/heidic1

Find me on Steemit: www.steemit.com/@heiditravels
Twitter: @blockchainchick
Instagram: @hheidiann

If you’re looking for an app that tracks the price of BTC & ETH and many other coins, check out the CoinView App: https://play.google.com/store/apps/details?id=br.com.freeflowt.coinview

LINKS FOR ADDITIONAL READING FOR THIS VIDEO & ALL INFO IN TEXT DOWN BELOW

More about the newest hack: https://qz.com/1261540/mew-ethereum-hack-the-internets-infrastructure-was-compromised-to-target-myetherwallet/
MyEtherWallet GitHub: https://github.com/kvhnuke/etherwallet/releases/tag/v3.21.08
MEW guide for Offline access: https://myetherwallet.github.io/knowledge-base/offline/running-myetherwallet-locally.html

Unfortunately there were a number of Ethereum users who were unknowingly conned out of a total of $150,000 worth of Ethereum. This certainly isn’t the most money lost in any single hack, but regardless, it could have been prevented if those individuals were aware of and took seriously, certain safety protocols.

They lost funds because the hackers were able to reroute the traffic intended for MyEtherWallet and sent them instead to a malicious site which pretty much just absorbed the funds being stored in the wallets of the individuals who logged into their wallet via the malicious site.

It’s been noted that the most impressive aspect to this hack isn’t the amount of Ethereum taken, but instead how the hackers were able to identify and take advantage of certain internet protocols like the Domain Name System (DNS).

In defense of the legit MyEtherWallet site, there was a warning issued highlighting the invalid security certificate.

There was a kind of tragic report from a man who apparently went to the MEW site and then despite the security warning, continued to log into his wallet and was greeted with a 10 second timer counting down the time until all of his funds would be transferred to the hacker.

So now that we generally know what happened, allow me to show you a pretty easy way to side step this situation altogether so you can have peace of mind knowing that you won’t be vulnerable to hacks like this in the future when you want to use MyEtherWallet in particular.

It’s pretty cool actually, basically, you can download an offline version of MyEtherWallet. This means you don’t need to trust that the web servers are directing you to the legitimate MyEtherWallet web page. Here’s how you do it:

Go to the MyEtherWallet GitHub.
Find and click on the etherwallet .zip file in order to download it: “etherwallet-vX.X.X.X.zip”
You should then move this file onto a USB drive so that you can then plug it into your offline computer in the future.

Once your computer is disconnected from any internet connection, or if you want to use this on a computer that has never had access to the internet in the first place, you can plug in this USB drive and extract these files onto your computer.

Once you’re ready to interact with this offline version of MyEtherWallet, you can do so by selecting the index.html file which will open your web browser (even if you are not connected to an internet connection.)

From here you’ll be able to generate new wallets and send transactions by using the “Send Offline” section, all while being disconnected from the internet.

The MyEtherWallet team does reccommend periodically updating your now local version of MEW since they do update the actual website from time to time.

source

44 COMMENTS

  1. Checking the validity and identity of the SSL certificate ought to prevent this kind of thing. Most browsers will help with that, but it still comes down to the user checking. MyEtherWallet doesn't hold your keys either, does it? Doesn't that mean you would have had to have been asked to enter your key for funds to be lost? That ought to be a big red flag to anyone concerned with their assets.

    Ironically, it ought to be possible to prevent this class problem using blockchain. 🙂

  2. Yep, 1000$ worth of Tron taken from my MEW they should be shut down I really don't care if it was my fault or not MEW made it easy for the hackers from lack of security… I WILL NEVER USE THERE PIECE OF CRAP WALLET AGAIN. It was safer left on Binance.

  3. I bought one million dentacoin and 50000 substratum in their IC o's last summer and had them in my ether wallet and was hit with a phishing scam 1 click of the button and it was all gone

  4. I'm hoping this is the correct forum for this question but for instance if I have put a whole bunch of ERC20 tokens on a nano ledger S and those same tokens switch to their own block chain from the ERC 20 token are my tokens still fine on the nano ledger s ? Will they immediately correct when I transfer them somewhere else?

  5. Good video. I have a question. Is it possible to continue to use MEW as long as we make sure we’re using the correct site and not the phished site?

  6. Good tip to download and use a local copy.

    There are other wallets out there that similarly have an online web interface for their wallets like MEW. Stellar, nano, and elastos all have web wallets similar to MEW.

    There have been hacks like this on the exchange level too, such as EtherDelta. There was also an issue with Binance where people were going to a slightly different version of the URL with little dots under the "n"s in binance. It was a comprised site also that took people's crypto.

    Need to verify the URL and certificate. I click on the lock next to the URL and make sure that the certificate is valid. Before that, make sure the URL is correct. You can use bookmarks to help with that.

  7. Presumably if you store your private keys on a hardware wallet (nano S) and access the web based MEW, your tokens can't be stolen as any transfers need to be confirmed on the hardware wallet. Is that right?

LEAVE A REPLY

Please enter your comment!
Please enter your name here