“Urgent! If you have Hola chrome extension installed and used MEW within the last 24 hrs, please transfer your funds immediately to a brand new account!”
Only users who had a Google Chrome extension called Hola installed. Hola is a “freemium” peer-to-peer virtual private network (VPN) service that users add to their Google Chrome browser to enable access to web pages blocked by their country, school, or even place of employment.
According to reports, there was a five-hour period where Google Chrome users who had the Hola add-on plugin installed, had their activity monitored by hackers if they had used MEW during that timeframe. The hackers originating from a “Russian-based IP address” were able to gain access to MEW accounts and moved funds.
MEW quickly urged users to move funds they had stored in their wallets to avoid any funds from being stolen by cyber criminals. MEW was quick to point out that they do not store any user credential data on their servers, so only those who were running the compromised Hola add-on are susceptible to any lost funds.
Thankfully, there have not been widespread reports of crypto being stolen at this time. However, this is the second ‘hack’ MyEtherWallet has suffered in the past three months. In April, the popular Ethereum wallet was the victim of a DNS hijack, where hackers redirected users to a counterfeit MEW website designed to phish for private keys and ultimately steal funds. That hack resulted in 215 ETH - worth roughly $150,000 at the time - being stolen by hackers.