An interesting and worrying post has been made on the Daohub forum, explaining how one Ethereum user lost a significant amount of funds when his Mist wallet allegedly got hacked. All of his funds have been sent to a wrong address, which may hint at a man-in-the-middle attack.
Ethereum Funds Sent Astray through Mist Wallet
This case is a rather intriguing one, and a lot of information has been posted in the past few hours. Things started to go astray for one Ethereum enthusiast after downloading the Mist wallet from either the GitHub repository or the DAO contact page. There does not appear to have been anything wrong with the programme itself, but sending funds caused some issues.
To be more precise, this particular user claims funds were sent to the wrong Ethereum address when trying to participate in the crowdsale of The DAO. A total of 7,218 ETH, worth close to 159 Bitcoin at the time of writing, has gone missing. However, the story does not end there, as the same user completed a successful transaction just minutes before, when sending 1 ETH to the address of the crowdsale.
When sending the second transaction (the 2,218 ETH one), there was no automated reply from the designated address regarding the DAO tokens issued to this user. Instead, the funds were sent to a completely different address, which has nothing to do with the DAO itself. To make matters even worse, not only did the amount for the transaction go missing, but so did the remaining balance in the Mist wallet.
It is not normal for a Mist wallet to send funds of its own accord, especially not when the recipient address suddenly changes. Whether or not this is an issue with the Mist wallet itself remains unknown, although it is possible the 1 ETH transaction somehow exposed the user’s private key.
Another user has pointed out how the Ethereum Mist wallet unlocks the account for two seconds when making a payment. This seems to indicate this particular user has been hacked, and the hacker saw an opportune moment to empty the wallet while the user was making the 1 ETH transaction. However, it is also possible this user was redirected to a malicious website and downloaded a fake Mist client.
Based on the latest information provided, it appears as if the hacker story is the most likely explanation, as the Mist user noticed some strange IP connectivity requests during the time of the attack. Whether or not these details will ever reveal the real culprits remains to be seen, though.
We will continue to monitor the story as it develops.
Header image courtesy of NewsBTC