WARNING: MyEtherWallet Activity May Have Been Logged By Browser Add-On
Users are advised to transfer funds to a secure account if they used the extension in the last 48 hours.
Update:
On July 10, 2018, Hola issued a blog post providing details on the nature of the hack. Following an investigation, the Hola team determined that a Google Chrome Store account had been compromised. With access to the account, the hacker was able to upload a modified version of the Hola add-on to the Chrome store.
Once Hola secured access to their Chrome Store account, they replaced the malicious extension with the official one. According to Hola, “the attack was programmed to inject a JavaScript tag into the MEW site to ‘phish’ information about MEW accounts that are logging in without being in ‘incognito mode’, by re-directing the MEW users to the hacker’s website.”
Both Google and MEW were notified, and the malicious website was in turn brought down.
The scope of the compromise is still under investigation, and Hola has said that, once the findings are compiled, “We will share the findings from this analysis with the ecosystem to help ensure a safer Internet environment.”
Initial Coverage:
Another day, another breach. On Monday, July 9, 2018, around 9:45 PM, the Ethereum wallet service MyEtherWallet (MEW) reported that individuals who have the Hola VPN browser add-on installed on their computers and used MEW within the last 24 hours should immediately transfer their funds to a brand new account.
It is not clear when the breach took place, nor where the warning originated. According to MEW, the Hola extension may have skimmed data for a five-hour period from users who accessed their Ethereum wallets through the wallet service.
Hola did not immediately respond to inquiries regarding the reported breach, and their Twitter account, which has been dormant for nearly a year, gives no indication that any security incident has taken place.
MEW has often been the target of scammers who set up phishing sites mimicking the wallet service, and was also recently the sole target of a DNS spoofing incident. Notably, many users were protected during the DNS incident by the Cryptonite browser add-on, a tool powered by the MetaCert Protocol.
When something like this happens, it’s best to err on the side of caution; it’s highly recommended that users who fit the criteria for the warning follow the instructions from MEW and set up new, secure accounts to transfer their funds to.
As additional details emerge on this incident, I will report them.