Hijack of Route53 - MyEtherWallet.com

It seems like a US provider XLHost.com/ee.net/AS10297 hijacked AWS Route53 prefixes a few hours ago, provided their own DNS resolvers on these ranges and redirected visitors of MyEtherWallet.com to a Russian-based man-in-the-middle proxy, stealing customers’ wallets and funds.

That’s just gross.

https://doublepulsar.com/hijack-of-amazons-internet-domain-service-used-to-reroute-web-traffic-for-two-hours-unnoticed-3a6f0dda6a6f
https://twitter.com/barton_paul/status/988788348272734217
https://twitter.com/GossiTheDog/status/988873775285460992

3 Likes

Starting to wonder why any of us store private data on the internet. At this point we may as well admit, the internet itself is the vulnerability.

9 Likes


This is what inspired me to move to clown computing about a year ago :')
I think the only thing I’ve yet to sort is my emails, but I trust that I’m in safe hands for the time being there :wink:
Having said that, I’m looking to learn how to do it myself, but finals are a heartless bitch and spacetime and JackTime™ don’t seem to be in sync.

Wouldn’t help you in this case, I can hijack the IP block your server is on and it’s game over either way.

BGPSec and RPKI? But yes, in general you’re right. Was replying more specifically to @Jarland’s comment out of context. My bad!