MyEtherWallet (MEW), a popular online Ethereum wallet generator, is at the center of a major security breach, and users of the free Hola VPN service have been warned to move their funds. However, the exploit didn’t affect MEW’s operations, as the service was not subject to a direct attack.
Still, the attack highlights the significant risk in storing digital assets in hot wallets. A single weak link can give hackers an opportunity to break into the system.
For about five hours, the Hola extension for the Chrome browser was under malicious attack, which seems to have originated from a Russia-based IP address. Users who logged into their MEW wallets through the Hola extension during that time could have been affected by the security breach. The MEW team therefore advised users of the Hola extension to immediately transfer their crypto tokens to a new wallet.
We received a report that suggests Hola chrome extension was hacked for approximately 5 hrs and the attack was logging your activity on MEW.
— MyEtherWallet.com (@myetherwallet) July 10, 2018
MEW further stated:
“The safety and security of MEW users is our priority. We’d like to remind our users that we do not hold their personal data, including passwords so they can be assured that the hackers would not get their hands on that information if they have not interacted with the Hola chrome extension in the past day.”
Earlier, in February, MEW was subjected to a DNS attack in which clients lost $365,000 worth of crypto. Hola does have a shady past. It was accused in 2015 of organizing a DDoS attack “on demand” in exchange for payments.
Raj Samani, chief scientist at McAfee, said:
“This is a textbook example of the risks involving cryptocurrency – as safe as users may think they are from becoming victims of crimes, it only takes a weak link in a system for their whole security to be compromised.”