MyEtherWallet (MEW), an online Ethereum wallet generator, has been hacked again this year after the Hola VPN was under attack for about five hours.
Today, those that were using the free Hola VPN service have been warned that its plugs into browser have been affected following a malicious attack. However, the breach didn’t interfere with MEW’s operations, as the service itself wasn’t the one compromised. Only users that logged into their wallet through the VPN could be affected by the breach. Because of this, the site recommended that they relocate their tokens to a new wallet.
“Urgent! If you have Hola chrome extension installed and used MEW within the last 24 hrs, please transfer your funds immediately to a brand new account!”
“We received a report that suggests Hola chrome extension was hacked for approximately 5 hrs and the attack was logging your activity on MEW.”
The company stated the hack “appeared to be a Russian-based IP address.”
“The safety and security of MEW users is our priority. We’d like to remind our users that we do not hold their personal data, including passwords so they can be assured that the hackers would not get their hands on that information if they have not interacted with the Hola chrome extension in the past day,” said MEW.
In February, MEW experienced a DNS attack in which it lost $365,000 worth of crypto from its users to the hackers. Hola was accused in 2015 of covertly launching DDoS attacks “on demand” in exchange for payments.
“This is a textbook example of the risks involving cryptocurrency – as safe as users may think they are from becoming victims of crimes, it only takes a weak link in a system for their whole security to be compromised,” noted Raj Samani, chief scientist and fellow at McAfee.
McAfee researchers discovered that the rise in Bitcoin’s value in the last months of 2017 drove many actors to get involved into the hijacking of crypto wallets, and this hacking trend does not seem like it will be declining any time soon.