Victims of a massive attack that involved hijacking Google’s DNS registration servers to steal Ether from users of MyEtherWallet will not be compensated, for now, the company’s founder said. According to Kosala Hemachandra, who spoke to Finance Magnates on the matter on Wednesday, there are no such plans “because all of the affected users went through a security warning when they went to MyEtherWallet.com saying ‘hey, this security certificate is invalid, do you still want to proceed?’”
The incident that took place over a week ago did not happen because of any flaw in MyEtherWallet’s system. This means that the team that developed it is technically not at fault for the attack.
Instead, hackers exploited a core part of the internet that allows domain names to resolve to their proper IP addresses and redirected users trying to enter MyEtherWallet to a Russian server containing a phishing page that looked nearly identical to MEW’s login page.
“For two hours, all the [MEW] traffic that goes through Amazon (NASDAQ:AMZN) servers was redirected to a server in Russia,” Hemachandra explained.
Although it’s not the organization’s fault that victims lost over $150,000 in Ether, he feels that the community might be able to persuade him to reimburse them.
“[Reimbursing] is not something we’re planning to do because of all these things that happened, and they did get a warning. But, yeah, if the community reaches out to us and they think that it’s our fault in a way, that’s something we can look into for sure,” he added.
He also points to the fact that MEW experiences “an enormous amount of phishing attacks every single day,” adding that there are many copycat domains attempting to lure people who write the platform’s URL incorrectly.
Unfortunately, there was no realistic way that MEW could have prevented this sophisticated phishing campaign from happening, but Hemachandra is looking for ways to address the issue nonetheless.
“We can only mitigate, and we can only make it harder for people to do things like this, but I honestly don’t think there’s a hundred-percent complete fix that will come out within the foreseeable future,” he said.
This article appeared first on Cryptovest
