Popular Ethereum wallet interface and token wallet MyEtherWallet is – yet again – at the center of being hacked and has warned its users utilizing a popular VPN to move their funds.
MyEtherWallet (MEW) is now reeling from its second major security compromise in under three months after claiming hackers compromised Hola, a free virtual private network (VPN) service, for a five-hour period that may have left Google Chrome users’ crypto wallets compromised for merely having installed the Hola extension.
MEW said in a statement on its Twitter profile:
We received a report that suggest Hola chrome extension was hacked for approximately 5 hrs and the attack was logging your activity on MEW.
— MyEtherWallet.com (@myetherwallet) July 10, 2018
The origin of the attack seems to have “appeared to be a Russian-based IP address”, MEW told TechCrunch while insisting that the wallet operator does not store any users’ credentials or personal data.
The number of users impacted by the breach isn’t immediately clear at press time.
It was only April when MEW fell prey to a DNS hijack that allowed a malicious hacker to redirect its users to a malicious replica of the website to phish their private keys. The hacker was able to siphon some 215 ETH (approx. $150,00 at the time) from the attack.
As suggested by CCN editor Josiah Wilmoth at the time, users are strongly advised to use browser extensions that offers safeguards against phishing scams by maintaining a blacklist of malicious websites. Two popular extensions for Chrome users are EtherAddressLookup and MetaMask.