Hijack of Route53 - MyEtherWallet.com

It seems like a US provider XLHost.com/ee.net/AS10297 hijacked AWS Route53 prefixes few hours ago, provided their own DNS resolvers on these ranges and redirected visitors of MyEtherWallet.com to a Russian-based man-in-the-middle proxy, stealing customers’ wallets and funds.

That’s just gross.


https://twitter.com/barton_paul/status/988788348272734217
https://twitter.com/GossiTheDog/status/988873775285460992

3 Likes

Starting to wonder why any of us store private data on the internet. At this point we may as well admit, the internet itself is the vulnerability.

9 Likes

2 Likes

This is what inspired me to move to clown computing about a year ago :’)
I think the only thing I’ve yet to sort is my emails, but I trust that I’m in safe hands for the time being there :wink:
Having said that, I’m looking to learn how to do it myself, but finals are a heartless bitch and spacetime and JackTime™ don’t seem to be in sync.

Wouldn’t help you in this case, I can hijack the IP block your server is on and it’s game over either way.

BGPSec and RPKI? But yes, in general you’re right. Was replying more specifically to @Jarland’s comment out of context. My bad!