The story about MyEtherWallet.com hijack or how to become a millionaire in 2 hours.
- Subject: The story about MyEtherWallet.com hijack or how to become a millionaire in 2 hours.
- From: jbates at paradoxnetworks.net (Jack Bates)
- Date: Tue, 24 Apr 2018 15:34:47 -0500
On 4/24/2018 1:35 PM, Fredrik Korsbäck wrote:
> Surprised this hasn't "made the news" over at this list yet.
>
In the old days, the list membership would have noticed the hijack. BGP
hijacks used to be a somewhat popular topic, but like spammer chasing, I
think everyone grew bored of it and the lack of things actually being done.
> TLDR; So it seems that AS10297 (some small hosting provider in the US) suddenly started to announce de-aggregated AWS
> IP-space, containing quite a lot of Route53 infrastructure, put up resolvers on their own on the hijacked IP-space and
> pointed *AT LEAST* www.myetherwallet.com to an IP address that seems to be some kind of transparent proxy out of Russia
> with a bogus SSL-cert (but still pretty good) (https://46.161.42.42/)
>
>
Why did they use a self-signed cert? If you control the DNS or the
endpoint, you can easily get a signed cert. Given how lax people were at
detecting this, they would have gotten further if people hadn't been
complaining about the cert notification.
Jack
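
Added example, not part of the original message or thread: a minimal origin check for the pattern described in the quoted TL;DR, where a more-specific (de-aggregated) prefix is announced by an origin AS that is not expected for the covering prefix. The prefixes, ASNs and updates below are constructed from documentation ranges, and `EXPECTED`, `classify` and `alerts` are hypothetical names.

```python
import ipaddress

# Constructed policy: covering prefixes we own and the origin ASNs allowed
# to announce them (documentation prefixes and ASNs, not real data).
EXPECTED = {
    "198.51.100.0/24": {64500},
    "2001:db8::/32": {64500},
}

# Constructed BGP updates as (prefix, AS path); the origin is the last ASN.
UPDATES = [
    ("198.51.100.0/24", [64510, 64500]),    # legitimate aggregate
    ("198.51.100.0/25", [64510, 64501]),    # more-specific, unexpected origin
    ("198.51.100.128/25", [64510, 64501]),  # more-specific, unexpected origin
    ("198.51.100.0/25", [64511, 64500]),    # more-specific, expected origin
    ("203.0.113.0/24", [64510, 64502]),     # prefix we do not monitor
    ("2001:db8:53::/48", [64510, 64501]),   # IPv6 more-specific, unexpected origin
]

def classify(prefix, as_path, expected=EXPECTED):
    """Return (verdict, covering_prefix) for one announcement."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    best = None
    for cover_str, origins in expected.items():
        cover = ipaddress.ip_network(cover_str)
        # subnet_of() raises on mixed IP versions, so compare versions first.
        if cover.version != net.version or not net.subnet_of(cover):
            continue
        # Keep the longest covering prefix, as a router's lookup would.
        if best is None or cover.prefixlen > best[0].prefixlen:
            best = (cover, origins)
    if best is None:
        return ("unmonitored", None)
    cover, origins = best
    more_specific = net.prefixlen > cover.prefixlen
    if origin not in origins:
        return ("hijack-more-specific" if more_specific else "hijack-exact", str(cover))
    return ("deaggregated-by-owner" if more_specific else "ok", str(cover))

def alerts(updates=UPDATES):
    """Return (prefix, origin, verdict, covering_prefix) for suspect updates."""
    out = []
    for prefix, path in updates:
        verdict, cover = classify(prefix, path)
        if verdict.startswith("hijack"):
            out.append((prefix, path[-1], verdict, cover))
    return out

if __name__ == "__main__":
    for alert in alerts():
        print(alert)
```

More-specific announcements win longest-prefix match, which is why the check treats them as a separate, higher-priority verdict than an exact-prefix origin mismatch.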