Attivo Networks Blogs

$152,000 in Ethereum stolen in Amazon DNS server attack

SC media logo

Hackers used a man-in-the-middle attack to compromise an Amazon DNS server, leading to about $152,000 in Ethereum cryptocurrency being stolen from customers, who were redirected to a phishing site where their wallet login credentials were stolen.

The incident began on Tuesday when cybercriminals used the Border Gateway Protocol (BGP), a standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems, to reroute traffic intended for Amazon’s Route 53 DNS service to a second server hosted by Equinix and then on to a server in Russia, according to reports from ESET’s Graham Cluley and a CloudFlare blog.

The IPs involved,,, and, are all allocated to Amazon. CloudFlare said that during the two hours when malicious actors had control of the DNS server, the IPs only responded to requests for and these requests were then sent along the chain to the Russian server, where they were delivered to a phishing website where the victim’s wallet credentials were stolen, leading to their Ethereum wallets being emptied.

