Users of two popular cryptocurrency wallets — MyEtherWallet (MEW) and Electrum — have recently fallen victim to phishing attacks.
The news about the scammers’ attacks created a buzz in the cryptocurrency community on Feb 4 — when the MEW team tweeted an official warning.
Phishing is a widespread scam under which wrongdoers target their potential victims by sending out emails pretending to originate from a legitimate financial institution. These fake emails disguise the attempt to steal some financial and other sensitive data from the users. Eventually, this may lead to the loss of investors’ funds.
MyEtherWallet’s case proved to be a textbook example of phishing. The affected users received a fraudulent email notifying them about an alleged DNS attack on MEW. The victims of this false security breach were requested to disclose their private keys or mnemonic phrase to download the update and secure their wallets. To scare the users, scammers warned that — should the users fail to comply — their wallets would be compromised and they might lose all their stored funds.
Together with the alert, the team behind MyEtherWallet published a screenshot of this email and urged its clients to stay calm and disregard the fake news.
There's another phishy email going around asking users to give up personal information. Don't believe the hype!
#1. We will never email you first (only reply to support).
#2. We will never ask for your private key (or other sensitive info).
#3. Be skeptical! pic.twitter.com/654TLIt5ar
— MyEtherWallet.com (@myetherwallet) February 4, 2019
You Are Not Alone
Notably, MyEtherWallet was not the only target. Scammers also attacked another crypto wallet, Electrum. According to its users, the scam involved a fake system message about a ‘security update’ to Electrum 4.0.0. However, the suspicious GitHub link offered to download a compromised wallet version.
The team behind Electrum was also quick to react. In its account on Twitter, it claimed that its latest wallet’s version is 3.3.3. The company added that it would announce the availability of the new Electrum version and recommended downloading updates only from the official website.
The latest version of Electrum (version 3.3.3) will notify users when a new release of Electrum is available. Release announcements are signed by us, and verified by Electrum using a hardcoded Bitcoin address. This feature is optional and can be disabled. https://t.co/Y2DXoUyOgk
— Electrum (@ElectrumWallet) January 26, 2019
In Dec 2018, Electrum wallet users faced similar phishing attacks. At that time, hackers stole over 200 BTC via a similarly fake security update notification.
Don’t Trust, Verify
It’s worth mentioning that MyEtherWallet positions itself as one of the most secure digital wallets because of its partnership with PhishFort and Segasec, two cybersecurity services providers. The next day after the scamming news, MEW reminded its users about this when the company published another post on Twitter to describe its partners’ latest progress in preventing malicious attacks.
Yesterday’s #phishing tweet received a lot of attention and generated some concern, but we’d like to point out: #MEW, with security partners @PhishFort and @segasec_com is constantly monitoring and bringing down scams! Can you guess how many per day?https://t.co/iFkA0Ag2Pl
— MyEtherWallet.com (@myetherwallet) February 5, 2019
According to the revealed data, since June 2018, Segasec’s advanced technology has helped to stop over 550 attacks on MEW. Meanwhile, during just two months of partnership with PhishFort, 188 phishing websites have been spotted.
However, cryptocurrency wallets nevertheless remain a favorite target among hackers — which is especially true of the Ethereum-based MEW. In the recent analysis of cryptocurrency crime trends, cryptocurrency research and blockchain monitoring company Chainalysis concluded that Ethereum (ETH) remains the cryptocurrency of choice for crypto-related scams.
Modern hackers and their technologies are getting more and more sophisticated. However, in many cases, you do not need advanced tools to be safe. When in doubt, be on the alert and ask questions. When concerned users asked the MEW team about the fake system of notification, they received a very straightforward answer.
What do you do to protect yourself from being tricked out of your money? Let us know in the comments below!
Images courtesy of Twitter, Shutterstock.