MyEtherWallet (MEW), one of the most well-known services for managing Ether wallets, recently took to social media to relay an urgent message about a potential cyber attack. According to the Tweet, the Hola VPN extension was in a hacked state for five hours, allowing for the hackers to monitor the activity of some MyEtherWallet users through the extension.
Urgent! If you have Hola chrome extension installed and used MEW within the last 24 hrs, please transfer your funds immediately to a brand new account!
— MyEtherWallet | MEW (@myetherwallet) July 10, 2018
Ironically enough, the VPN service meant to secure your online experience has slipped up again, with this most recent situation being Hola’s second case of bad press.
The wallet service advised that MEW users who had the Hola extension installed should immediately move their funds to a secure wallet, ensuring that the risk of attack is mitigated.
Unlike many other traditional third-party wallets, MEW takes a ‘you are your own bank’ approach, encouraging its users to take control over their own private keys. Although the MEW service has been lauded for the decentralized aspects it offers, the private key system increases the risk of fund loss/mismanagement on a user-to-user basis.
Hola VPN, a free virtual private network (VPN) service with almost 50 million users, later released a report, giving their take on the situation. The blog stated:
Yesterday our deployment team discovered that the Hola Chrome extension which was live for a few hours was not the one that our development team uploaded to the Chrome Store. After initial investigation, we found that our Google Chrome Store account was compromised, and that a hacker uploaded a modified version of the extension to the store.
The post went on to say that the version has since been taken down, and the Chrome Store account has been resecured. After ensuring that the fraudulent version was taken down, the Hola team set out to investigate the intent of the out of the blue attack.
After a few hours of investigative efforts, Hola determined that MEW users were the specific target for this attack. The cyber attack consisted of injected lines of JavaScript that allowed for the hackers to phish MEW account information, by re-directing MEW users to the hacker’s clone website.
Once figuring out the intent of the attack, Hola quickly contacted MEW and Google, making sure that the phishing website was unavailable to access.
The wallet’s team told TechCrunch that the attack seemed to originate from “Russian-based IP addresses.”
The most recent attack had some users think back to a similar situation which happened in April. Earlier this year, hackers hijacked “a couple of Domain Name System registration servers” that were linked to MEW, re-directing users to a phishing site. With this attack, the hacker was able to transfer over 215 Ethereum from unsuspecting users to his/her account.
It is still unclear how many users fell victim to the most recent attack, but one Reddit user noted that he/she lost 6000 VEN, worth around $12,000 at the time of press. MEW reaffirmed their commitment to the security and safety of its users, noting:
The safety and security of MEW users is our priority. We’d like to remind our users that we do not hold their personal data, including passwords so they can be assured that the hackers would not get their hands on that information if they have not interacted with the Hola chrome extension in the past day.
