Hi Everyone!
MyEtherWallet (MEW) suffered a domain name system (DNS) attack that allowed a hacker to redirect users to a malicious version of the website and phish their private keys. It has since been restored!
It is important that Cybersecurity is a developing field AND that banks, Google, Paypal and Microsoft and other financial insitutions as well as internet based companies have had histories of being hijacked also. So this is not a unique problem nor one that is effecting just blockchain technology and its development.
AFTER THIS ATTACK MEW STATED THE FOLLOWING:
THE Good News:
* BLOCKCHAIN WILL PROVIDE A TRUST LAYER for The World Wide Web!
* A reminder to me that we can just use etherscan.io to checkup on our holdings:
Access and bookmark here: https://etherscan.io
* Don't use getto DNS servers. 1.1.1.1 or 9.9.9.9. They are more likely to be compromised.
* Thanks for bringing this up Michael. another solution for people who are comfortable with git is to clone the MEW website (it's on GitHub) and run it locally so that it's virtually impossible to hack an ETH transaction. But more than anything I hope that people pay more attention to SSL warnings and I hope that browsers stop making security locks and EV SSL notices so small these days! - Crypto Phil
* You can use https with IP by assigning SSL certificates to IP range but it is not done usually! The problem is that the IP is not static and it could change and there is no way for you to know what the IP is at all time as they could be using DHCP. DNS is actually doing the translation for you. Best way is to NEVER ignore the message that prompts that the "Certificate is not valid", unless you are doing internal test with a locally generated certificates for test. -FAB IT- Solutions TM
* When using a hardware wallet you can also store erc20 tokens in a separate from your ether until you’re ready to move them so they can’t be moved by hackers (gas fees can’t be paid). - BrandyBoys
* Hardware wallets guys. As someone who was phished/hacked using myetherwallet before trust me you need it. Don't just listen to other people and their horror stories and think it won't happen to you. Obviously I made an avoidable mistake and that's on me but why wouldn't you spend 100 bucks on a hardware wallet to protect yourself. There will always be people trying to rob you and they will always be trying new methods. Get yourself the best protection available before you regret it. - Aaron Dontworryaboutit
SEE IN-DEPTH Explanation by BOXMINING HERE:
https://www.youtube.com/watch?v=RJdIIWPu8s4
He said that he will make a more in-depth video to address more technical issues as well as safeguards for the future.
FINDING SOLUTIONS COME FROM QUESTIONS AND RESEARCH.
FOR INSTANCE:
* Do you know how to download MEW from Github and run it locally and securely?
* Do you know how to use your Ether Scan to check balances?
* How safe is any online wallet (access by phone or desktop)? How safe is "EXODUS" wallet (or any other)?
IVAN ON TECH EXPLAINS IN HIS YOUTUBE VIDEO.
ADDITIONAL INFORMATION HERE:
* How DSN works- map main names to IP addresses. DSN servers tell your browser where to go. The issue is that hacking of the protocol used for routing. Amazon routing (Amazon is a big player) traffic was rerouted for up to two hours.
* Internet is a collection of protocols but not structured in the most secure ways.
* The anatomy of the actual hack that occurred on Tuesday 24th of April, 2018.
* This is a problem for the entire internet (all service providers, chains, users).
* Domain address which is rerouted to a different address can usually be tracked, caught.
* Protection is the SSL certificates (Users can see the lock symbol which assures the website comes from the server it comes form). Users should have received a warning (warnings need to be used and taken seriously for protection).
* The smart contract is setup to automatically swap ETH for the ERC20 tokens. An exchange address doesn't work as they often don't give you the private keys which are needed to access the tokens. They also often require transaction labels on so on. Basically, you need an address that you fully control. The technical detail is, the ether address will receive the tokens, you just won't have the private keys to spend them..the exchange holds all private keys...if you have the private key then no problems, but there might also be routing issues.
* It seems to not to classify or think that this hacker is one guy with a hoodie in his basement. It is often a hacking team. These hackers, be it located in North Korea or anywhere in the world, treat it like a businesses. Day and night, 24/7, they work at it with the best minds figuring out how to hack.
https://www.youtube.com/watch?v=zTRKRvVOhyY
FROM ETHER WALLET:
It seems that everything is now back to normal, BUT PLEASE STAY SAFE and read/share this guide:
IMPORTANT TIPS TO KEEP YOUR WALLET SECURE
https://myetherwallet.github.io/knowledge-base/security/myetherwallet-protips-how-not-to-get-scammed-during-ico.html
PROTOCOL FOR ALL:
HACKERS ARE EVERYWHERE! HOW TO KEEP YOUR INFORMATION & FUND SAFE!!!
FROM THE ARTICLE:
EXCHANGES
There is so many crypto exchanges operating in the crypto world and many of them are shady. On Coin Market Cap you can see the overview of the biggest exchanges expressed by their 24 hour volume. It is more likely that established exchanges operating with high volume are going to be more legit than smaller exchanges. On Reddit and Twitter you can often find posts about problems related to deposits/widthrawals issues or bad customer service provided by such an exchanges. Before you will decide to send your crypto to any exchange, do your research.
Below you can find some tips how to avoid your assets being lost or stolen — already happened couple of times (Mt.Gox, btc-e, Coincheck, Bitgrail,..).
* Use trusted exchanges as binance.com, bittrex.com, coinbase.com (gdax.com) or bitmex.com (for trading with leverage)
* Create new email account for setting up account on any exchange and this email use only for this purpose, never share this email with someone else
* Immediately turn on 2FA (Two Factor Authentication) — for example Google Authenticator is the most favorite one. Google Authenticator is app in your phone generating access codes every 30 seconds. Once you turn on 2FA for any account, you will have to scan QR code through this application and then new line with code will be generated in your app. *Important — print out or save your backup key — if you will loose your phone not having backup key, you will have to contact customer service of every exchange or service to disable your 2FA, it might take long time for them to process this request. Suggest using an offline phone for Google Authenticator!
* Using sms confirmation is not as safe as to use 2FA
* Always set up 2FA for signing in, not for widthrawals only — hackers can use sophisticated methods how to transfer your cryptocurrencies to their accounts without need to withdraw them
PASSWORDS
* Make your password strong — use uppercase and lowercase letters, numbers and special characters, never use date of your birth, your name or anything familiar to you that can be easily guessed for every account set up different password never store your passwords in your browser — it can be easily stolen.
* Use Keepass —it is free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish)
* CHANGE, or update your password every 10-14 days.
EMAIL
* Set up 2FA for your email account as well use big providers as is gmail.com or protonmail.com — developed by CERN and MIT scientist, uses client-side encryption to protect email contents and user data before they are sent to ProtonMail servers, in contrast to other common email providers such as Gmail and Outlook.com
* Never send your login details via email or social media do not store your passwords and login details on cloud such as icloud, google drive, dropbox, if you want to store it on cloud, option is to use encrypted mega.co.nz
beware of phishing emails — never click on any link or open any file from email you don't know
as an option to Microsoft Outlook you can use Thunderbird desktop client. Log OUT after use.
OTHER SUGGESTIONS
* Never keep your crypto assets on exchanges — they often got hacked and you might lose everything
the best option is to keep your crypto on hardware wallets — Trezor or Ledger Wallet , the only thing is they don't support every crypto currency.
* Another option is to create cold wallet, generating wallet offline. The best way how to find official wallet is to visit official website of cryptocurrency you would like to store and on the website should be link to download officially supported wallet print out (some say don't use printer connected to internet so maybe write it down).your recovery seed and private key and store it somewhere save,good idea would be to have them store at two different places for occasions like fire, earthquake.
* Never share your private key, it would be like giving away keys and address from your house with the note you are leaving city for holidays to some stranger, only share your public key.
* All ERC20 tokens can be stored in wallet you can create at myetherwallet.com and then to access them is most secure to use metamask Google or Firefox extension.
* Do not install untrusted or unknown browser extensions — hackers can use them as entrance point to your system
if you are not using Java and Flash necessarily — uninstall them, they are huge security flaw.
*Keep all your programs updated, for example Adobe products got sometimes security flaws that can be used by hackers, by updating your applications you will avoid this.
* If you can, use some old computer to deal only with crypto and nothing else
always use antivirus such as Avast, AVG, Norton.
* Never log on to your exchange accounts or wallets from public wifi (cafes, airports, shopping malls) — all the traffic can be watched by hackers.
* At home use cable to connect your pc to the internet, if you have to use wifi router, make sure you have set strong password, never use the default one.
* Encrypt your data — your hard drive and mobile phone — you can use CipherShed for example
entering any website like email, exchange — link should always start with https:// — it means the connection is encrypted. Next to the link should be icon of lock as well and by clicking on it you can see webpage SSL Certificate
* Make sure you are not on phishing website
You can find this more ideas with Crypto Community Foundation on Facebook or on their Twitter — Crypto Community Foundation.
#cryptocommunityfoundation #ccf #cryptocommunity #crypto #assets #security #ciphershed #protonmail #binance #bittrex #bitmex #coinbase #gmail #facebook #twitter #cryptosecurity #password #coinmarketcap #Keepass #thunderbird #outlook #encryption #2FA #google #googleauthenticator #SSL #trezor #ledger #privatekey #publickey #ERC20 #myetherwallet #mew #metamask
READ MORE HERE: https://medium.com/@C_Community/hackers-everywhere-how-to-keep-your-crypto-wealth-safe-79be9d7931d3
#myetherwallet #MEW #cryptonews #digital #wallet #hack #solutions #internet #security #howto #blockchain #education #walletsecurity #resteem #educational #tutorial #help #storingcrypto #safety #darcykbutcher #fieldsofgold #www #emerging #technology #digitalcurrency #cybersecurity
25 April 2018
Please do your own research (DYOR). No one is an expert. Each individual is responsible for their own investments, trading and participation in this space. This information is for educational purposes only and is not financial advice.
Feel free to leave a comment if you have any more ideas we can add to this article!
I hope you liked this article and if you did, you can add support by upvoting. I appreciate it!
As well if you feel like, my BTC donation wallet is 17ensjJ2gaKfNfaZhzU7cEtJmV1Govtqq
hiveblocks