Popular token wallet and Ethereum interface MyEtherWallet (MEW) is at the center of controversy once again, as the service was subject of a hacker probe for the second time in the span of three months. However, this time the blame cannot be placed solely on the wallet provider as a widely-used free VPN service Hola was compromised for a good five hours, which led to the vulnerability.

MEW is an open-source interface that has become one of the most popular platforms for storing ethereum-powered tokens. Meanwhile, Hola offers free VPN services and boasts a user base of nearly 50 million. Reportedly, fraudsters gained access to the Google Chrome Store account of Hola and uploaded a fake version of its VPN software.

The illicit software apparently scanned MEW user activity and passwords and sent it to the hackers. The app was live for five hours and users who downloaded it and installed the Chrome extension, exposed their data to the scammers. Regular MEW users were not affected by the attack as the wallet service was not compromised itself.

Urgent! If you have Hola chrome extension installed and used MEW within the last 24 hrs, please transfer your funds immediately to a brand new account! — MyEtherWallet | MEW (@myetherwallet) July 10, 2018

We received a report that suggest Hola chrome extension was hacked for approximately 5 hrs and the attack was logging your activity on MEW. — MyEtherWallet | MEW (@myetherwallet) July 10, 2018

The company recommended its users who used the VPN service to transfer their tokens into another wallet and we can only hope those affected by the probe managed to do it in time. The amount of tokens, seized by the hackers, remains unknown as of yet.

Hola team said in their official announcement that, “Immediately upon learning about the incident, we set up a CyberSecurity response team to investigate the incident. We also took immediate emergency steps to immediately replace the extension, secure the developer’s account, and to monitor versions on a constant basis to ensure this does not recur.“

Talking to TechCrunch, MEW claimed that attacker “appeared to be a Russian-based IP address” and reaffirmed that, “the safety and security of MEW users is our priority. We’d like to remind our users that we do not hold their personal data, including passwords so they can be assured that the hackers would not get their hands on that information if they have not interacted with the Hola chrome extension in the past day.“

According to data by CyberPolice, there have already been more than 20 fake websites, pretending to be MEW. In total, they have managed to relieve unsuspecting users of over 8000 ETH (around $3.5 million as of press time).

The last attack on MEW occurred in April when hackers managed to hijack DNS servers, which led to redirecting users to an exact replica of the MEW website. The only difference was that the fake page was designed with a sole purpose – to abduct private keys, resulting in over 215 ETH being stolen.

Image Source: “Flickr”