In perhaps the clearest bout of FUD (“fear, uncertainty, doubt”) the cryptoverse has seen in 2018, popular Ethereum wallet MyEtherWallet was just blindsided by competitor EthereumBLUE.
The latter accused the former from becoming acutely compromised in a DNS attack, but a top MyEtherWallet (MEW) employee has since confirmed that no such compromise has occurred.
Is this a clear case of bad blood, or did EthereumBLUE legitimately think something was wrong? Let’s see if we can get to the bottom of it.
EthereumBLUE makes allegation, MEW responds promptly
The episode began as EthereumBLUE — which bills itself as a static analysis hub in the space — fired off a tweetstorm claiming they had conclusive proof that MyEtherWallet had been compromised.
And, as you can imagine, panic quickly spread through social media, as MEW is by far one of the most used wallets in the entire crypto ecosystem.
The problem? This “compromise” narrative fell apart rapidly as the MEW team immediately assuaged concerns on Reddit:
“I’m Wietze from MyEtherWallet. We are currently not aware of any compromises regarding MyEtherWallet and are investigating the claims by EthereumBlue. You can (and should!) always run MyEtherWallet offline, locally. Please find our guide on it here.”
But things kept taking a turn for the stranger. That’s because the official EthereumBLUE Twitter handle tweeted out a link to a phishing site copy of MEW. We’ve attached a shot of the tweet below to 1) prove the tweet happened in case of deletion, 2) prevent our readers from clicking on the malicious link.
How do we know the link above is a scam site? Look closely at the word “wallet” in the tweet above. The second “l” is slightly shorter than the first “l.” Why? To hide the fact that this link forwards users to “
MyEtherWallet.Bid,” a phishing site that has and will steal crypto users funds.
So what’s going on here? EthereumBLUE was, after all, the first group to identify and sound the alarm on the recent EtherDelta exchange compromise.
Did they just get this one wrong, or is their now disproven blitz against MEW something more? Unfortunately, the latter might be the case. The bad blood seems strong here …
But, even if BLUE didn’t have malice in their hearts, it’s incredibly unprofessional to “pull the trigger” on such allegations and raise such a massive fuss without having been 100 percent certain they were correct.
EthereumBLUE did the space a great service with the EtherDelta hack. But this episode is likely going to make the road ahead choppy for the foreseeable future, if nothing else then in the relationship (or lack thereof) between MEW and BLUE.
What’s this story mean for everyone else?
Practice OpSec (Operational security), folks.
Always make sure that official websites are https-connected with ssl details in the browser. Double and triple check links before clicking on them. See if other users on social media have already sounded the alarm on something. Your financial future is very much at stake.
Featured Image via Fotolia