The internet's infrastructure was compromised to target MyEtherWallet — Quartz

About $150,000 worth of ether was stolen from users of MyEtherWallet yesterday. The attackers apparently used an elaborate scheme to reroute internet traffic to target the popular wallet service.

The attackers exploited vulnerabilities in two basic internet protocols that route traffic around the world, the Border Gateway Protocol (BGP) and the Domain Name System (DNS). Such attacks are common, but this incident was notable for the lengths the hackers went to, affecting services from Amazon, Google, and major internet service providers in the process. Security researcher Kevin Beaumont called it the largest attack of its kind he has witnessed, highlighting the “fragility of internet security.”

MyEtherWallet users noticed something amiss when they went to the wallet’s website and received a warning saying it was using an invalid security certificate. One user on Reddit reported seeing the warning, but proceeding to log in anyway since the website address and everything…