A phishing attack targeting users of MyEtherWallet.com used an IDN “homograph” domain to facilitate an Ethereum theft.
The IDN domain used a letter “t” that belongs to a different character set, which is visually identical to the Latin character, except for a distinguishing line or dot underneath it.
Registered just a few days ago, the domain is in fact xn--myetherwalle-9me.com, but when rendered in the phishing email it displays almost identically to MyEtherWallet.com, an Ether wallet manager.
Apparently, more than $15,000 worth of Ethereum tokens was stolen in the first 2 hours of the attack.
The phishing attack was first identified and detailed by security expert Wesley Neelen, who stated:
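The check a mail filter or proxy could run on that domain, as an added example that is not part of the original report: decode the xn-- label, list the non-ASCII characters, and fold accented letters back to their base letters to see which protected name the result imitates. The PROTECTED list and the function names are assumptions made for the illustration.

```python
import unicodedata

# Assumption: the domains this organisation wants to protect.
PROTECTED = {"myetherwallet.com"}

def to_unicode(hostname: str) -> str:
    """Decode every xn-- (ACE) label of a hostname to its Unicode form."""
    labels = []
    for label in hostname.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # undecodable label: keep the raw ACE form
        labels.append(label)
    return ".".join(labels)

def skeleton(name: str) -> str:
    """Fold to base letters: NFKD-decompose, then drop combining marks."""
    decomposed = unicodedata.normalize("NFKD", name)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def check(hostname: str) -> dict:
    """Report the Unicode form, its non-ASCII characters, and any
    protected domain it imitates (None for the genuine domain itself)."""
    uni = to_unicode(hostname)
    skel = skeleton(uni)
    non_ascii = [f"U+{ord(c):04X} {unicodedata.name(c, '?')}"
                 for c in uni if ord(c) > 127]
    imitates = skel if skel in PROTECTED and uni != skel else None
    return {"unicode": uni, "non_ascii": non_ascii, "imitates": imitates}

if __name__ == "__main__":
    for host in ("xn--myetherwalle-9me.com", "myetherwallet.com"):
        print(host, check(host))
```

This folding only catches lookalikes built from accented Latin letters, as in this incident; letters borrowed from other scripts need a confusables table such as the one in Unicode TS #39.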
Phishing is already becoming a well-known phenomenon through awareness-raising campaigns and online reporting of several big hacks through this type of attack: criminals try to get the login information for all types of accounts through legitimate-looking emails. By tempting potential victims to enter their username and password on a website, the cybercriminals are able to access confidential data and/or financials for their personal gain.
Wesley Neelen also states that the phishing email was carefully crafted, and apparently targeted participants of a mailing list interested in cryptocurrencies and initial coin offering (ICO) campaigns.
Domain investors and cryptocurrency investors alike are thus advised to not click on emailed links and always log into their accounts from a safe browser, by typing in the URL.
Read more details about the incident.