Kevin Beaumont reports that, by compromising a router at Equinix in Chicago, attackers were able to forge DNS responses for myetherwallet.com, with users "redirected to a server hosted in Russia, which served the website using a fake certificate." Victims' online wallets were drained of cryptocurrency.
Also at The Verge and Ars Technica which said
Amazon lost control of a small number of its cloud services IP addresses for two hours on [April 24] when hackers exploited a known Internet-protocol weakness that let them to redirect traffic to rogue destinations. By subverting Amazon's domain-resolution service, the attackers masqueraded as cryptocurrency website MyEtherWallet.com and stole about $150,000 in digital coins from unwitting end users. They may have targeted other Amazon customers as well.
(Score: 0) by Anonymous Coward on Tuesday May 01 2018, @01:48PM
> I didn't know that other CAs use similar mechanisms
Think about it. There has to be a way to transfer domains to new, legitimate owners. There has to be a way to verify ownership in the first place. Maybe the WHOIS data has a working phone number - but what are the odds that goes to the person making the request, in a large org?
Point being: it's not write-once. IP control is over-relied upon as identity proof.