MyEtherWallet has been hacked through a DNS hijack which transfers users to a phishing site that has already stolen 215 eth, currently worth around $150,000.
Those who used myetherwallet.com through Google Public DNS (220.127.116.11 / 18.104.22.168) had their DNS servers resolving the domain to a bad server that could steal private keys as shown by this invalid certificate:
It appears the Google Public DNS is now resolving the correct ips with the SSL Connection showing green. However, it is not yet clear what exactly happened here, nor whether the matter has been fully resolved. We’ll re-print the just shared advice from Michael of Mycrypto with all his emphasis:
“WHAT TO DO IN THIS SITUATION
If you’ve used MEW in the last ~4 hours using the private key or keystore file or mnemonic phrase:
-Check your address on etherscan.io to see if you’ve been victimized by this hack yet.
-Transfer your funds off into a new wallet even if you haven’t been victimized yet. DO NOT GO TO THE SITE TO DO THIS. Run MEW offline referencing the KB article here: https://myetherwallet.github.io/knowledge-base/offline/running-myetherwallet-locally.html
If you have used MEW in the last ~4 hours using MetaMask or Ledger Nano S or Trezor:
-You should be fine, since these options don’t expose your private key online when signing transactions or accessing your account. Avoid using the MEW website until successful triage has been confirmed.
If you have not used MEW in the last ~4 hours using the private key or keystore file:
-DO NOT GO TO THE MEW WEBSITE UNTIL THE ISSUE HAS BEEN CONFIRMED TO BE FIXED BY MEW TEAM. CURIOSITY WILL KILL YOU, CAT.”
MyEtherWallet (MEW) had much of its team leave in February to MyCrypto. The reason is unclear, but apparently out of a team of 20, some 19 left to MyCrypto while one person continued to run MyEtherWallet.
Just how resourced MEW is, therefore, and by association just how secure, is unclear after almost everyone left. However, as stated it is unclear what exactly happened here or who/what is to blame for the theft besides of course the perpetrator.