• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • March 9th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Hacking News

Hola VPN’s Chrome extension hacked to target MyEtherWallet users

July 11th, 2018 Waqas Hacking News 0 comments
Hola VPN’s Chrome extension hacked to target MyEtherWallet users
Share on FacebookShare on Twitter

Although the decentralized approach to handling cryptocurrency wallets has been lauded by users and crypto dealers alike but sometimes, it proves to be quite a risk to let users control their private keys – The same has happened, ironically, twice in the same year with MyEtherWallet, a third-party crypto wallet service that allows its users to enjoy the private key system, which has proven to be risky for the company as it is at risk of fund mismanagement and loss that too, on a user-to-user basis.

Reportedly, for the second time in 2018, the well-known cryptocurrency management platform MyEtherWallet (MEW) has suffered a security breach. The company is very famous for providing crypto-currency storage wallets and facilitating token sending and receiving between wallets.

The cause of this security breach is identified to be a commonly used VPN service with over 50 million users, Hola, which got compromised for five hours. When the company noticed the issue with the VPN, it immediately informed its users to stop using Hola so as to prevent their crypto from getting stolen. Since MEW itself wasn’t compromised so the regular users of the service stayed unaffected by the breach.

See: Popular Chrome VPN extensions are leaking your DNS data

The information about the malicious attack on Hola VPN service was shared with MEW users through Twitter. The Tweet explained that since Hola was hacked for five hours so it was possible for hackers to monitor the activities of some of the MEW users via the extension. The Tweet read:

“Urgent! If you have Hola chrome extension installed and used MEW within the last 24 hrs, please transfer your funds immediately to a brand new account!”

We received a report that suggest Hola chrome extension was hacked for approximately 5 hrs and the attack was logging your activity on MEW.

— MyEtherWallet.com (@myetherwallet) July 10, 2018

The company notified its users who access MEW via the Hola extension to immediately transfer their crypto funds to a secure wallet in order to mitigate the threat of attack. Hola also released a report to share their side of the story, which read:

“Yesterday our deployment team discovered that the Hola Chrome extension which was live for a few hours was not the one that our development team uploaded to the Chrome Store. After an initial investigation, we found that our Google Chrome Store account was compromised and that a hacker uploaded a modified version of the extension to the store.”

Later on, the company took down the fraudulent version and also resecured the Chrome Store account. Further investigation revealed that MEW users were the main targets of the cyber-attack, which comprised of injected JavaScript using which hackers wanted to phish MEW wallets information by redirecting users to a fake MEW website. Hola contacted Google and MEW to ensure that the cloned website stays inaccessible.

See: Tor Proxy Used By Cybercriminals To Initiate Bitcoin Theft

It is reported that the attack originated from a Russian IP address. However, there is currently no clear information about the number of users who did fell prey to the attack. A user on Reddit posted about losing 6000 VEN, approx. $12,000, due to the recent attack. To this, MEW stated that during the time when Hola was compromised, anyone who accessed MEW wallet using the compromised VPN might be affected.

Furthermore, MEW also stated that it takes a keen interest in ensuring the security of user accounts.

“The safety and security of MEW users is our priority. We’d like to remind our users that we do not hold their personal data, including passwords so they can be assured that the hackers would not get their hands on that information if they have not interacted with the Hola chrome extension in the past day.”

  • Tags
  • Chrome
  • Cryptocurrency
  • Cyber Crime
  • Ethereum
  • Google
  • Hola
  • MyEtherWallet
  • Privacy
  • Scam
  • security
  • VPN
Facebook Twitter LinkedIn Pinterest
Previous article Hacker selling classified information on MQ-9 Reaper Drone on dark web
Next article Who's Reading Your Gmail Messages?
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
European Banking Authority victim in Microsoft Exchange Server hack

European Banking Authority victim in Microsoft Exchange Server hack

Top Russian hacker forums Maza, Verified hacked; data leaked online

Top Russian hacker forums Maza, Verified hacked; data leaked online

Gab hacked - DDoSecrets leak profiles, posts, DMs, passwords online

Gab hacked - DDoSecrets leak profiles, posts, DMs, passwords online

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
European Banking Authority victim in Microsoft Exchange Server hack
Hacking News

European Banking Authority victim in Microsoft Exchange Server hack

FluBot Android malware mimics FedEx, Chrome apps to steal user data
Android

FluBot Android malware mimics FedEx, Chrome apps to steal user data

John McAfee Charged with Fraud in Cryptocurrency Scam
Cyber Crime

John McAfee Charged with Fraud in Cryptocurrency Scam

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us