This is not good times for the popular cryptocurrency wallet provider, MyEtherWallet as fraudsters have refreshed a negative history of hacking the accounts of its users using Hola VPN Google Chrome browser extension.
This isn’t their first time of such vulnerability as the platform was clouted with a similar experience about three months back when the wallet’s vulnerable arm became a big target for these fraudsters which led to the theft of large amounts of Ethereum tokens.
As disclosed by the wallet’s management on its platform these fraudsters got access to Hola’s Google Chrome Store Account and uploaded a malicious VPN software which was used to gain information of users wallet’s private keys. Everyone who downloaded the VPN after the malicious software was installed stood a risk of losing their ETH tokens.
Other members of the MEW community were luckily not affected by the attack as those who didn’t install the said extension was safe.
After the illegal app got activated to the browser, private information about these users wallets was sent to the hackers.
As of now, no one knows how much damage this event has caused as investigations are yet to determine how many users downloaded the app after the account was accessed.
Immediately the MyEtherWallet noticed the attack on their platform, the wallet provider advised its users operating their wallets with the VPN software to transfer their tokens into another wallet, even urging to do it on time at that period.
Their management team in an announcement revealed the corrective measures they involved when the attack occurred;
“Immediately upon learning about the incident, we set up a cybersecurity response team to investigate the incident. We also took immediate emergency steps to replace the extension immediately, secure the developer’s account, and to monitor versions on a constant basis to ensure this doesn’t recur.”
In an interview with Tech Crunch, MEW the affected wallet provider disclosed that the hacker “appeared to be a Russian-based IP address.” They went further by reassuring their wallet’s users that, “the safety and security of MEW users is our priority. We’d like to remind our users that we do not hold their personal data, including password so they can be assured that the hackers would not get their hands on that information if they have not interacted with the Hola chrome extension in the past day”.
The wallet platform suffered a similar attack April this year when hackers managed to compromise DNS servers, which in turn led to the wallet users using a replicate of the MEW platform.
The similarities between the real crypto website and the replica were so much that the only difference was the URL of the site which could easily be unnoticed. At the time, it was reported that a total of 215 ETH cryptocurrencies were stolen.