Popular Ethereum Web Wallet Hijacked, LiskHQ Takes Security Measures
According to an official statement from the My Ether Wallet team on Reddit, a couple of Domain Name System registration servers were hijacked to redirect myetherwallet.com users to a phishing site.
Affected users received an SSL warning, but they have ignored the alert as they were sure to have clicked on the right website (for example because they added it as a bookmark) and they were redirected to a malicious version of the MEW website. In any case an incident like this doesn’t compromise directly the site.
My Ether Wallet is a free, open-source, client-side interface for generating Ethereum wallets and it is one of the most popular wallets on the internet.
Some tips to reduce the risk of losing your coins: How Not to get Scammed & Phished
In order to avoid similar issues in Lisk, LiskHQ decided to cease hosting the online version of Lisk Hub and the online version of Lisk Nano (https://m.lisk.io) because the web versions cannot guarantee the additional levels of security that the desktop version offers.
Instead, they ask Lisk users to download and use the desktop version.
This is the announcement of Jan Liz-Fonts, Community Manager at Lightcurve:
In response to a recent incident with MyEtherWallet, the thorough decision was made to take extra precaution and no longer host web versions of our wallets. The decision was made to ensure that a similar attack cannot happen to us and affect any of you, our users/members.
For further information, we recommend that everyone take the time to read through this security update blog post.
The desktop version is signed with the Lisk Stiftung certificate, therefore downloading Lisk Hub gives you a local copy that is verified with the digital signature and loaded locally, therefore cannot be swapped out by a BGP/DNS hack.
Lisk Magazine is a project supported by Lisk Italian Group.