Security researcher Wesley Neelen reported about a phishing campaign aimed at the Myetherwallet.com site users. Myetherwallet.com site provides online wallet services for the Ethereum cryptocurrency. The attackers managed to steal $15,875 in ETH cryptocurrency whithin just 2 hours.
Neilen discovered the phishing campaign once he received an e-mail asking him to login into his Myetherwallet.com account in order to prepare for the upcoming Ethreum hard fork update.
Once you click the fake MyEtherWallet.com link provided in the received email, you’re redirected to a phishing copy of this site. Hackers used a Unicode domain xn--myetherwalle-9me.com which makes it hard to discern from the real domain. The only difference was a small symbol in the domain name (T-comma underneath the letter). The hackers even implemented HTTPS certificate using the free Let’s Encrypt service.
When a victim enters password and private key for cryptocurrency wallet on the phishing website, attackers immediately use the password to enter victim’s real Ethreum wallet and steal all cryptocurrency. The analysis of the clone website showed that some users fell for this trick. Wesley Neelen managed to find a live log file with the list of all compromised online purses and stolen funds.
One of the victims wallets lost 42.50 ETH. 42 ETH was equal to $12,577.63 around the time of the phishing attack. The total amount of ETH earned on the address from the attackers is 52.56 ETH which was equal to $15,875.65. The cryptocurrency was sent to three purse belonging to attackers.