Open Source software is free and great, but hackers (phishers) using it to exploit search engines by buying high click through Ads:
— MyEtherWallet.com (@myetherwallet) February 13, 2018
Anyone who clicked on these Ads, transferred the money and stole the private key to this address, which has around 500K of money:
They are pretty sophisticated hacks, they are man in middling using tracker urls, and the url is using unicodes in the domain to phish. Which is very hard to glance, look at these examples, they area working phished sites.
Yesterday the ad was pointing to this:
https://www.xn--mytherwaet-9k2ea69n.com/api => https://www.myẹtherwaḷḷet.com/api/
Today it is pointing to:
https://www.xn--myetheralle-7b9ezl.com/api/ => https://www.myetherẇalleṭ.com/api/
Their man in middle tracking service was basically serving phished sites to new users and real sites to reoccurring users, hoping no one catches them.
Remember to always bookmark your client wallets.