MyEtherWallet, one of the most used portfolios of Ethereum, alerted its users who face a threat: if yesterday they used the VPN service that works as an extension of Chrome, Hello, to access their portfolio, their funds may be find engaged.
The MyEtherWallet (MEW) developer team asked its users to transfer the funds stored in their portfolio if they had used the VPN service Hola during the last 24 hours. This is despite the fact that their platform was not compromised, but they assume that the attackers still have access. According to the alert, the Chrome extension could have been a victim of malware for five hours, in an attack aimed at recording the activity of the wallet to steal the funds.
The vulnerability exploited by the attackers occurred hours after the last update of Hello , released yesterday. And according to MyEtherWallet statements , the attack was registered with a Russian IP.
Also, the developers reminded their users that MEW "does not have personal data, including passwords," so users can be sure that hackers will not get any information if they did not use that VPN. However, at the moment the scope of the attack is unknown and some Reddit users claim to have been hacked without using the Hola VPN .
It is important to point out that this is the second attack for MyEtherWallet during this 2018, after the incident on May 24 that presumably during the attack hours the hackers had the opportunity to manipulate ethers wallets. According to official statements, MEW suffered the hijacking of some DNS servers that redirected for hours to a phishing site . At the same time, in October 2017, it was the first object of an identity theft or phishing in which more than 15 million dollars were lost in ETH.