MEW Hack: Time to look at Decentralized Solutions to DNS Servers

With the recent DNS hack of the MyEtherWallet service, which resulted in roughly $150,000 in Ethereum coins being stolen in a period of 15 minutes, it becomes increasingly important to take a look at the outdated centralized DNS system.

Moreover, what steps might be taken to improve security and failure protection for what is arguably one of the most used internet features, even though most people might not even be aware of it working in the background.

What is DNS?

DNS is an acronym for Domain Name System, and it was invented in 1983 by Paul Mockapetris as a means for providing an easy to remember naming structure for internet addresses, rather than using a long string of numbers.

It is far easier to remember coinbureau.com than it is to remember 192.27.182.203. Before the invention of DNS all the host names on the internet were kept in a huge hosts.txt file on every internet connected computer.

The MyEtherWallet DNS Hack

MyEtherWallet is possibly the most used cryptocurrency wallet in existence. It is used for storing, sending and receiving Ethereum based ERC20 tokens. On Tuesday April 17, 2018 the wallet suffered a DNS hack that redirected users to a phishing site. The team at MyEtherWallet caught the hack with 15 minutes, sending a warning tweet to users at 7:29am EST.

But the damage had already been done to the tune of 216.06 Ether worth roughly $152k.

MyEtherWallet CEO Kosala Hemachandra said that the hackers were apparently

large enough to do a DNS poisoning attack on Google public DNS servers, which made it cache a malicious IP address for myetherwallet.com.

Google fixed the issue "in a very short time," but it is telling when one of the largest internet organizations in the world can be hacked so easily.

Was MyEtherWallet Warned?

Back in January 2018, MyEtherWallet had come under fire from EthereumBLUE, a competing wallet who tweeted an accusation that MyEtherWallet had been compromised at that time. Soon after the initial tweet a top-level MyEtherWallet employee discredited the accusation, saying that no compromise had occurred.

EthereumBLUE has some credibility in discovering DNS hacks as it was the first group to identify and sound the alarm on the recent EtherDelta exchange compromise. That hack occurred in December 2017 and resulted in 308 ETH, worth roughly $172,000 at the time, being stolen.

The whole drama unfolded in a tweetstorm from EthereumBLUE last January 2018, in which the self-proclaimed static analysis hub claimed conclusive proof of a MyEtherWallet hack.

The claim was rapidly refuted by MyEtherWallet, and nothing more came of the episode, but was it predictive of the events to come?

How DNS Attacks Occur

DNS has long been a target for attackers, due to the inherent vulnerabilities of the system. Below is a listing of the most common ways in which a DNS hack occurs:

• Single Point of Failure: Use of a single server at a single site makes any system, including DNS, vulnerable. See How and Why Microsoft Went Down
• Man In the Middle Attacks: This occurs when an attacker intercepts internet traffic and redirects to an internet address without the knowledge of the victim. See Mumbai firm loses Rs 10.89 lakh to online fraudster
• DNS Cache Poisoning: Occurs when the user traffic of a DNS server is redirected from the legitimate site to a malicious site. See Google’s Malaysian Domains Hit with DNS Cache Poisoning Attack
• Kaminsky DNS Vulnerability: This vulnerability allows an attacker to redirect network clients to alternate servers of his own choosing, presumably for ill ends. See An Illustrated Guide to the Kaminsky DNS Vulnerability
• Dynamic DNS (DDNS): Malware can use this to change addresses rapidly to avoid detection.
• Distributed Denial of Service (DDoS) attacks: An attack that floods a network with requests, causing a denial of service to any user. See A massive DDOS attack against Dyn DNS is causing havoc online

Besides those mentioned above there are many other examples, small and large, of DNS hacks that have occurred. With the rise of cryptocurrency it has become extremely profitable to orchestrate this type of DNS hack, and we can imagine that the number and severity of such attacks will only increase, at least as long as the vulnerabilities exist.

The good news is that the blockchain also promises to provide a solution to the centralized DNS system that has exposed users to hacking dangers.

Namecoin and DNSChain Solution

One of the very first forks of Bitcoin was Namecoin, and one of its features is to replace both HTTPS and DNS.

This solves many of the vulnerabilities in the traditional DNS system. Rather than having to query a DNS server, which is of questionable trust, users can query the blockchain for which IP matches a domain name. They can also query the blockchain for the hash of a public key rather than a certificate authority.

The most developed implementation currently is DNSChain, which is a proxy for an existing Namecoin node. It relays information between clients and Namecoin nodes. Any user can run DNSChain, or they can use a trusted friends server if they know the public key of that DNChain server.

“Instead of trusting the least trustworthy out of a thousand entities, you're trusting someone you have reason to trust and only that person,” – Greg Slepak, founder okTurtles Foundation.

If you don’t personally know someone running a DNSChain server you can create your own consensus mechanism by querying two different DNSChain servers and checking to see that they return the same response.

Hyperboria Solution

Hyperboria works with the NXT blockchain and is a decentralized network and peer-to-peer library. Anyone can join or leave the network as they please, unlike the current DNS setup run by Icann. There’s also no reliance on centralized routers as the routing table itself is peer-to-peer.

Hyperboria is a self-organizing network and builds its own routes from node to node. While it currently uses the internet for node connection, it has been designed to run using Wifi and can run independently of the internet.

Because NXT has an alias storing ability it can be leverage to store IP address/domain name mappings. When used in conjunction with a DNS bridge the NXT aliases and blockchain can be used for domain name resolution to ipv6 addresses. In fact there are already a dozen of the most popular hyperboria destinations registered within NXT.

Another benefit of this setup is that NXT is proof of stake, so there is no wasteful resource usage that occurs with mining – like in Namecoin. The NXT client can even run on minimal systems like Raspberry Pi.

The Ethereum Name Service

Perhaps the best implementation currently, certainly the most widely used, is the Ethereum Name Service (ENS). It’s important to point out that the ENS isn’t like the traditional DNS service for registering names. Instead it provides a decentralized and secure means to use human readable names that anyone in the world can access either on or off the blockchain.

The initial use case for ENS was to easily transfer Ethereum based funds. Instead of using the long, complex and hard to remember hexadecimal addresses to send funds, the ENS lets users send to a short and memorable address.

For example, one could register “coinbureau.eth” and users could then send Ethereum and ERC-20 tokens to this address, which would be mapped to a standard hexadecimal address. More importantly, ENS can be used to redirect to popular services, such as smart contracts, Dapps, or any other resource one can imagine.

The ENS avoids vulnerabilities because it is built with smart contracts, and there is no central point to attack, and no intervention to mess with registration or routing. Furthermore, with the system built on top of the blockchain there is no feasible method for redirecting registered names to a different address. Everything works as intended, securely and without vulnerability.

The ENS service gives us a decentralized infrastructure and governance. Those would wish to register an .eth domain can do so by participating in the auction process, where all transactions are mediated by the blockchain. This ensures the registration of domain names goes off in a transparent and fair manner. And just like traditional domains, there is a possibility that .eth domains will appreciate significantly in market value.

Even registration is automatic with the Ethereum Name Service, with the registrar acting as a decentralized application. The Dapp works well, but is an interim solution until a more permanent registrar solution is developed.

Changes to the ENS are possible in the future, but any changes will need the approval of four out of seven developers. This is because the ENS root is a multi-sig contract requiring four signatures from the seven Ethereum developers who hold keys. This consensus mechanism will ensure that any changes made to the ENS will benefit the community.

In Conclusion

The Domain Name System was a major development in its time, allowing for the rapid and expansive growth of the internet, but its inherent vulnerabilities are its weakness. It has served us well until now, but with blockchain technology offering a more secure, flexible and decentralized solution it doesn’t make sense to cling to the past.

Given the increasing value of cryptocurrencies and other digital assets, new hacks are likely to become increasingly aggressive and widespread, and we need to address the vulnerabilities in the current DNS system.

Decentralizing the process on the blockchain provides this solution, and with several working solutions already in place, it shouldn’t be long until we won’t have to worry about bad actors compromising DNS servers and putting users and their capital at risk.