Popular Ethereum interface and defacto token wallet MyEtherWallet (MEW) has been caught up yet another goddamn hack.
This one affects users of the Hola chrome extension, specifically those who have used MEW in the past 24 hours.
Hackers, who TechCrunch reports have utilized what “appeared to be a Russian-based IP address,” have taken over the Hola VPN service. Over five hours, MEW users who simply had the Hola chrome extension installed and running have had their wallets completely compromised.
We received a report that suggest Hola chrome extension was hacked for approximately 5 hrs and the attack was logging your activity on MEW.
— MyEtherWallet.com (@myetherwallet) July 10, 2018
Those affected should immediately transfer their tokens to a brand new, secure wallet.
It was only two months ago that MEW was the target of an intricate plot that saw over 215 Ethereum stolen from users wallets. That incident involved the hijacking of Amazon DNS servers, leading to the clandestine redirection of browsers to an exact replica of the MEW webpage – one specifically built to steal private keys and siphon funds.
It’s worth noting that in the three months preceding this, MEW went through an internal rift that saw the platform split in two separate entities. Literally the entire development team – bar one – suddenly up and left, launching incredibly similar Ethereum interface, MyCrypto.com. Users were left wondering who the bad guy was.
While this attack may have been hard to prepare for, it is a chance to better arm yourself against phishers and scammers. Always use only approved software and official websites, even when purchasing related products such as hardware wallets – but even these can have their flaws.
The Ethereum Scam Database is one extensive resource that might prove invaluable, especially for those hunting the next great undiscovered low-cap gem.
Published July 10, 2018 — 11:01 UTC