MyEtherWallet Got Hacked By Google Chrome Store Hackers

MyEtherWallet (MEW) is one of the most popular services for managing Ether wallets. They recently took a hit by hackers and they announced this on social media.

The Hola VPN extension was hacked

According to their tweet, the Hola VPN extension has been in a hacked state for five hours and it also allowed the hackers to monitor the activity of some MyEtherWallet users via the extension.

The VPN service was supposed t secure the online experience and slipped up again. The most recent situation is Hola’s second case of bad press.

The wallet service advised MEW users who had the Hola extension installed to move their funds to a secure wallet just to make sure that the risk of attack is avoided.

MEW is different compared to traditional third-party wallets and it takes another approach. It encourages users to take control over their private keys.

Even if the MEW service has been praised for its decentralized aspects this private key system increases the risk of fund loss.

Hola VPN service is free and it had almost 50 million users. They released a report, saying the following:

“Yesterday our deployment team discovered that the Hola Chrome extension which was live for a few hours was not the one that our development team uploaded to the Chrome Store. After the initial investigation, we found that our Google Chrome Store account was compromised and that a hacker uploaded a modified version of the extension to the store.”

The same post continued saying that the version has been taken down and the Chrome Store account is now completely re-secured.

The attack comes from Russian IPs

After making sure that the fraudulent version got taken down, the team behind Hola began investigating the attack.

After a few hours, Hola found that the MEW users were the target of this attack. The hacker injected lined of JavaScript that allowed hackers to phish MEW account data by re-directing MEW users to the hacker’s clone website.

The wallet’s team told TechCrunch that the attack seemed to originate from “Russian-based IP addresses.”

Comments are closed.