The company was quick to alert users to the danger, tweeting a warning at 7:29 a.m. EDT, within 15 minutes of when the hack began:
Couple of DNS servers were hijacked to resolve
myetherwallet.com users to be redirected to a ph site. This is not on @myetherwallet side, we are process of verifying which servers to get it resolv asap.
Even so, users took to social media to report that they were losing funds.
See Also: Snoop Dogg set to Perform At The Ripple Crypto Party; Prior to Blockchain week
“Went on to myetherwallet and saw that myetherwallet had [an] invalid connection certificate in the corner,” rotistain posted to the wallet’s subreddit around 8:30 a.m. EDT, adding:
“As soon as I logged in, there was a countdown for about 10 seconds and A tx was made sending the available money I had on the wallet to another wallet ‘0x1d50588C0aa11959A5c28831ce3DC5F I have no idea what happened.”
A lead developer at BlockBits.io, Micky Socaci, described the attack in a post to the ethereum subreddit.
“Do not use myetherwallet.com if you’re using Google Public DNS (184.108.40.206 / 220.127.116.11) at this moment,” he wrote, adding: “It seems these DNS servers are resolving the domain to a bad server that CAN steal your keys!”
Micky Socaci explanation fits with MyEtherWallet’s assertion that the attack was not on their side. Domain Name System (DNS) servers resolve website URLs to the appropriate IP addresses.