Over the last few years, MEW (MyEtherWallet) has established itself as one of the best-known firms in the world of cryptocurrency. But unlike most other marquee names in this space, MEW doesn’t run a currency exchange or sell crypto assets. Instead, it provides a free and open-source software tool that lets users conduct their own blockchain transactions — along with educational content about the blockchain ecosystem.
In principle this means MEW has relatively few attack vectors: it doesn’t store users’ passwords or private encryption keys, nor does it have access to their digital funds — and its software runs locally on each user’s computer. But with so much money at stake, it’s no surprise that hackers took aim at the site. And they got creative.
In early 2018, cybercriminals deployed a sophisticated attack on MEW that exploited a fundamental weakness in the way the Internet routes traffic. In short, hackers managed to convince one of Amazon’s authoritative servers — one of the main Internet servers that directs network traffic — that all queries for the website MyEtherWallet.com should be directed to a new destination.
The imposter website looked identical to MyEtherWallet.com and offered the same functionality, with one vital difference: it sent users’ private keys to the hackers, effectively handing over their cryptocurrency. MyEtherWallet.com wasn’t hacked, but users were being sent to a site that was.
As we explained in Cloudflare’s detailed analysis of the attack, this wasn’t MEW’s fault (nor was it uniquely Amazon’s). Instead, MEW was a victim of the status quo: from the ISPs that were fooled into syndicating a fraudulent web address to the lack of protection on the DNS resolvers — these aging parts of the Internet have left themselves exposed. And the truth is, the vast majority of websites are vulnerable to the same sort of attack.
But that was little consolation to MEW as it watched its good name get dragged through the mud. To make sure it never happened again, MEW partnered with Cloudflare.
Cloudflare’s mission is to help build a better Internet — and a big part of that is proactively fixing vulnerabilities in the Internet’s core infrastructure. For years, Cloudflare has been working on preventing the very kind of attack that targeted MEW, known as a BGP leak, by employing a technology called DNSSEC.
If DNS is the Internet’s phone book, DNSSEC is the fact-checker that makes sure each number belongs to the contact listed. It was conceived in the 1990s, when these security holes were first identified, but has struggled to get significant adoption because of the complexity involved. That’s hardly a good excuse — especially decades later — which is why Cloudflare has endeavored on a mission to raise the bar for everyone.
As TechCrunch recently wrote:
“...DNSSEC adoption is woefully low. Just three percent of websites in the Fortune 1000 sign their primary domains... Cloudflare now wants to do the hard work in setting those crucial DS records, a necessary component in setting up DNSSEC, for customers on a supported registrar.”
For MEW, the choice to move to Cloudflare was an obvious one. With industry-leading DNSSEC support — and a host of accompanying security and performance enhancements — Cloudflare gave MEW the protection it needs, sans the headaches it would’ve gotten elsewhere.
“Cybercriminals are becoming more sophisticated and we needed a way to defend against attacks like these. Moving to Cloudflare was the best and most straightforward way to do it.” - Kosala Hemachandra, MEW Founder and CEO
While there’s still work to be done in getting more Internet stakeholders to implement DNSSEC, it’s never been easier for Cloudflare customers to get on board. Today, anyone who uses Cloudflare as their DNS, in tandem with a supported registrar, can enable DNSSEC in just one click.
Better yet: now that Cloudflare is the world’s first Registrar you can love — with zero-markup pricing and no surprise renewal fees — you can register, configure, and secure your domains with DNSSEC, all from one easy-to-use dashboard.
Curious about the blockchain? Head to MEW to learn more.
To learn more about Cloudflare’s efforts to expand adoption of DNSSEC, don’t miss our article here.
Enabled DNSSEC to protect against domain hijacking
“Cybercriminals are becoming more sophisticated and we needed a way to defend against attacks like these. Moving to Cloudflare was the best and most straightforward way to do it.”
MEW Founder and CEO