![real-estate-3337032_1920.jpg](https://steemitimages.com/DQmQDbPrLv95jWoXFXaheQ2q8TceZFGbZS24N4hZ2LJW93z/real-estate-3337032_1920.jpg)

On April 24, 2018, the MyEtherWallet website came under attack. At first it was unclear what exactly the issue was, but users were reporting that their funds were being withdrawn to an address they did not own after they had attempted to log in.

Users identified that it appeared to be a security <a href="https://www.ssllabs.com/ssltest/analyze.html?d=myetherwallet.com">SSL</a> mismatch, which was redirecting users to a new domain. The new domain was being used to phish details. 

Users were only being impacted if they were attempting to log in through the rerouted website using their private keys, with many ignoring warnings from their browsers. A reddit user discovered that MEW itself had not been hacked, but rather, its DNS had been spoofed. This was shortly confirmed by the <a href="https://twitter.com/myetherwallet/status/988830652526092288">MEW twitter account</a>, stating that a couple of DNS servers were hijacked, and were redirecting users to a phishing site as suspected.

The hacker appeared to have attained at least 215 Ethereum as a result of this. <a href="https://etherscan.io/address/0x1d50588C0aa11959A5c28831ce3DC5F1D3120d29">You can see the transactions here</a>. 

A web wallet such as MEW works as an access to your funds on the blockchain. The attacker could therefore only reach users funds on the blockchain if they had the correct logon details, which they were attaining through phishing. This reveals one of the problems that can arise when storing assets using a web wallet, especially if you access that wallet through the website itself, rather than using something like Metamask. There are multiple different ways an attacker may be able to gain your log in details while you are using a web wallet, and these could cost you all your funds.

<a href="https://blog.cloudflare.com/bgp-leaks-and-crypto-currencies/">MEW provided a complete technical breakdown of the issue</a>.


<h2>What are the best ways to store your funds?</h2>

<h3>Protect your private keys</h3>

Many of our customers use MEW. It’s quick, easy and convenient. However, there are better ways to access your wallet than by logging in through the MEW website and inputting your private key. Using an app like <a href="https://metamask.io/">Metamask</a> means you don’t need to risk losing your funds if the website gets hacked or rerouted. It is worth looking into <a href="https://myetherwallet.github.io/knowledge-base/offline/">ways you can use MEW offline</a>. 

<h3>Cold storage exchange</h3>

Storing your funds on an exchange like QRYPTOS or QUOINEX with 100% cold storage is one way to ensure that your funds are properly protected.

A hot wallet is a wallet that is kept online, and they are vulnerable to theft as they are always connected to the internet. On the other hand, cold storage is kept offline.

We pride ourselves on our cold wallet approach. For more information, please read our <a href="https://medium.com/@QUOINE/why-we-use-100-cold-wallet-storage-f1881fe1c3e8">blog about our cold storage</a>.

<h3>Hardware wallet</h3>

A hardware wallet like a <a href="https://www.ledgerwallet.com/">Nano Ledger S</a> or a <a href="https://trezor.io/">Trezor</a> stores your private keys offline within its secure hardware. They are highly recommended by anyone in cryptocurrency as one of the best and safest ways to store your funds. When you use a hardware wallet you have to enter a passkey to be able to access the funds.

With a hardware wallet the private keys are stored in a highly protected area and they cannot be transferred off the device in plain text. They are also designed to be protected from computer viruses.

If you were using a desktop wallet to manage your funds you would be at high risk to computer viruses, but with the use of a hardware wallet you should not be affected. Additionally, with many popular hardware wallets there are physical buttons you have to press in order to confirm a transaction you are making, which adds an extra layer of protection that other wallets cannot provide. Also, a lot of hardware wallets have open source code, which is reassuring because community members can, and will, evaluate the code to ensure that there are no issues and your funds are as safe as possible.