At midnight, users visiting MyEtherWallet.com found a warning for an unsigned SSL certificate. Those that chose to ignore the warning, got their wallets emptied. The Verge is reporting that hackers attacked the infrastructure of the internet, by hijacking a Border Gateway Protocol router in the vicinity of an internet exchange in Chicago, and directed traffic from MyEtherWallet to a server in Russia. So far at least $13,000 was stolen.
Based on what security researcher Kevin Beaumont has to say about the attack in the quote below, it is possible that more domains were affected during the attack. It is also worth noting that the attackers already had more than $17 million in Ethereum in it before the attack today.
The security vulnerabilities in BGP and DNS are well known, and have been attacked before. This is the largest scale attack I have seen which combines both, and it underscores the fragility of internet security.
Based on what security researcher Kevin Beaumont has to say about the attack in the quote below, it is possible that more domains were affected during the attack. It is also worth noting that the attackers already had more than $17 million in Ethereum in it before the attack today.
The security vulnerabilities in BGP and DNS are well known, and have been attacked before. This is the largest scale attack I have seen which combines both, and it underscores the fragility of internet security.