Hackers Stole Over $15,000 With a MyEtherWallet Phishing Scam

A sophisticated phishing operation targeting MyEtherWallet users netted criminals more than $15,000 in just hours last week. The attack came to light when security specialist Wesley Neelen discovered

By Ray Crawford·29 October 2017·2 min read

Hackers Stole Over $15,000 With a MyEtherWallet Phishing Scam

Key Points

A sophisticated phishing operation targeting MyEtherWallet users netted criminals more than $15,000 in just hours last week.
The attack came to light when security specialist Wesley Neelen discovered

A sophisticated phishing operation targeting MyEtherWallet users netted criminals more than $15,000 in just hours last week. The attack came to light when security specialist Wesley Neelen discovered he'd received a fraudulent email on October 24th claiming the popular wallet service was rolling out a hard fork and requesting users verify their holdings by entering Keystore Files or private keys. The ruse would have compromised victims' wallet access entirely, giving attackers the ability to identify balances and drain accounts.

728×90

The perpetrators invested considerable effort into mimicking the legitimate MyEtherwallet.com interface and domain structure. The fake address exploited a Unicode character—a comma positioned beneath the letter 't'—that made the URL appear authentic at first glance. Users deceived into submitting credentials handed attackers complete control of their digital assets, which the criminals systematized into rapid transfers across multiple addresses.

Neelen, having registered his email address through the Kin Foundation's ICO pre-registration system, remained skeptical and declined to input any information. Instead, he commenced his own investigation, probing the fraudulent platform for exposed data alongside colleague Rik van Duijn. The pair uncovered accessible backend logs documenting every wallet the attackers had successfully compromised.

The operation's largest score involved approximately 42.5 ETH—valued at roughly $13,000—extracted from a single account. Across all successful thefts, perpetrators accumulated 52.56 Ether totaling approximately $16,000. The transfers between compromised wallets and three receiving addresses unfolded within hours, completing before most victims likely noticed the intrusion.

Recognizing the registrar's resistance to intervention—describing the hosting provider as "bulletproof"—Neelen pursued formal channels, reporting the incident to law enforcement authorities and requesting official takedown notices against the malicious domain.

MiningPool content is intended for information and educational purposes only and does not constitute financial, investment, or legal advice.

728×90