Although the decentralized approach to handling cryptocurrency wallets has been lauded by users and crypto dealers alike but sometimes, it proves to be quite a risk to let users control their private keys – The same has happened, ironically, twice in the same year with MyEtherWallet, a third-party crypto wallet service that allows its users to enjoy the private key system, which has proven to be risky for the company as it is at risk of fund mismanagement and loss that too, on a user-to-user basis.
MyEtherWallet (MEW) has been breached again this year. This time it the popular service fell victim to a cyber attack via the Hola VPN.
MyEtherWallet is one of the popular wallet services for managing Ether. It posted a really urgent message through the popular social media platform Twitter warning about a potential cyber attack. The Hola VPN Extension was hacked for five hours which allowed the hackers to monitor the activity of some MyEtherWallet users with the help of the Extension.
The Tweet explained that since Hola was hacked for five hours so it was possible for hackers to monitor the activities of some of the MEW users via the extension. The Tweet read:
“Urgent! If you have Hola chrome extension installed and used MEW within the last 24 hrs, please transfer your funds immediately to a brand new account!”
Hola VPN later released a report in the form of a blog which stated:
“Yesterday our deployment team discovered that the Hola Chrome extension which was live for a few hours was not the one that our development team uploaded to the Chrome Store. After initial investigation, we found that our Google Chrome Store account was compromised, and that a hacker uploaded a modified version of the extension to the store.”
Later on, the company took down the fraudulent version and also re-secured the Chrome Store account. Further investigation revealed that MEW users were the main targets of the cyber-attack, which comprised of injected JavaScript using which hackers wanted to phish MEW wallets information by redirecting users to a fake MEW website.
The cyber attack was meant to redirect MEW users to the hacker’s clone website and the attack consisted of injected lines of JavaScript that allowed for the hackers to phish MEW account information.
MEW reassured the users about the safety by stating:
“The safety and security of MEW users is our priority. We’d like to remind our users that we do not hold their personal data, including passwords so they can be assured that the hackers would not get their hands on that information if they have not interacted with the Hola chrome extension in the past day.”
