It has only been two months and a few days since the day when MyEtherWallet users lost $150,000 due to a Google Public DNS hack, and now the wallet has once again warned its users to move their funds because of another service being hacked. This time it is because of a VPN service called ‘Hola’, and according to company it has received report that says the activity of MyEtherWallet users might’ve been logged during the attack.
The news of attack was broken by the company from its Twitter account about 11 hrs ago. The company said that this attack took place on Hola’s VPN service for a duration of five hrs, and during the duration of attack the browser activity of users who had Hola extensions installed in their Chrome browsers might have been logged by the attackers. Therefore, the users who logged into their MEW wallets in last 24 hrs using a Chrome browser with Hola extension should immediately move their funds to a brand new account (if they still have access to those funds).
Users who don’t have Hola extension installed or don’t use Chrome browser at all are not affected from the attack. The exact number of affected users is not known, and the IP address of attacker is from Russia according to MEW’s statement given to TechCrunch. The company also stressed that it doesn’t store the data or credentials of its users. It said:
“The safety and security of MEW users is our priority. We’d like to remind our users that we do not hold their personal data, including passwords so they can be assured that the hackers would not get their hands on that information if they have not interacted with the Hola chrome extension in the past day.”
In April’s hack of Google Public DNS the MEW users were robbed of 215 ETH (worth $150,000 at the time). Loss that might’ve happened in this hack is not known for now.
Notably, Hola VPN has also been scrutinized heavily in the recent days for using the bandwidth of its users to create a giant botnet. It’s certainly not a VPN that you would want to have!
We’ll update you with more information about this hack as it’s revealed by the company.