VERY IMPORTANT

What makes MEWkit stand out is that it's so much more than a traditional phishing kit. Beyond being a front-end mimicking the MyEtherWallet website with the purpose of stealing credentials, it's also a clientside application that processes the payment details captured by the phishing page to transfer funds out of phished victim Ethereum wallets directly to attacker-controlled wallets. In this report, we'll discuss more detail on the functionality, background, and past and current campaigns using MEWKit. We'll also shed some light on a significant event that happened on April 24, 2018, in which a Border Gateway Protocol (BGP) hijack attack was performed on the Amazon DNS servers to reroute people from the official MyEtherWallet website to a host running MEWKit.