Amazon’s internet domain service was seized and Ethereum cryptocurrency wallets were stolen.
MyEtherWallet stated that they were not to be blamed:
“This event was not caused by a security flaw in the MyEtherWallet platform. Pirates found the security gaps in public DNS servers, and that’s why this happened. ”
This was also confirmed by British security researcher Kevin Beaumont who stated that some of the traffic on MyEtherWallet was redirected to a server in Russia although Amazon’s DNS resolvers directed it by a data center company, Equinix, to a server in Chicago.
When users were redirected to the fake MyEtherWallet site, they received an error message saying that this site was using an untrusted SSL certificate; which was the only clue to this attack. The simple mistake that attackers made by not getting a valid SSL certificate increased worries of some users that something was wrong. Customers whose accounts were seized were the users who still went on to do transactions on the web site despite the security alert.
Nobody assumes responsibility
According to the statement made by the data center organization Equinix, The equipment of a customer in the Chicago data center was used in the seizure of Amazon’s Route 53 DNS service: “The server used for this attack is not an Equinix server; it was the equipment positioned by a customer in our Chicago IBX data center. In general, we do not have an opinion or control over what our customers or customers of our customers are doing with their equipment.”
Amazon also points at others as guilty: “Neither AWS nor Amazon Route 53 was seized or exposed. The privacy of a leading Internet service provider (ISP) was exposed by malicious people and using this ISP, a number of Route 53 IP addresses were exposed to be forwarded to other networks. These connected networks which had no knowledge of the problem agreed with the descriptions and directed a small portion of the traffic at a single client’s domain a malicious copy of the same domain address.”
The most effective individual security method for crypto investors is to store their wallets offline. You should avoid keeping your crypto wallet online and keep them on your smartphone or computer or in a hardware wallet.