Hola VPN's Chrome Extension has suffered a hack that targets MyEtherWallet users crypto currency.
MyEtherWallet (MEW), a cryptocurrency management platform known for providing crypto-currency storage wallets, and also the sending and receiving of token between wallets, is suffering a hack for the second time this year.
According to report, Hola VPN, a popular virtual private network provider with over 50 million users got compromised in a breach for five hours. MEW, however, noticed the breach with the VPN provider and quickly notified its users using the VPN extension to stop using it and quickly transfer their funds to a new account so as to prevent their crypto currency from being stolen.
Urgent! If you have Hola chrome extension installed and used MEW within the last 24 hrs, please transfer your funds immediately to a brand new account!— MyEtherWallet.com (@myetherwallet) July 10, 2018
"Urgent! If you have Hola chrome extension installed and used MEW within the last 24hrs, please transfer your funds immediately to a brand new account!," a tweet from MEW read.
"We received a report that suggest Hola chrome extension was hacked for approxmately 5 hrs and the attack was logging your activity on MEW," the crypto-currency management platform later added.
Though MEW itself wasn't hacked, the tweet explained that Hola VPN was hacked for five hours which was enough for the hacker(s) to monitor activities of MEW users via the extension and carry out any malicious activity.
MEW users who don't have Hola VPN extension installed don't have anything to worry since the breach was as a result of the fake VPN extension.
A statement from Hola in rergards to the hack read;
"Yesterday our deployment team discovered that the Hola Chrome extension which was live for a few hours was not the one that our development team uploaded to the Chrome Store. After an initial investigation, we found that our Google Chrome tore account was compromised and that a hacker uploaded a modified version of the extension to the store."
Hola explained that after carrying out an investigation into what the hackers were after, they discovered that MEW users were the primary target of the hack.
"Within a few hours, we determined that the target of the attack was MEW (MyEtherWalet.com) - the crypto wallet website, and the attack was programmed to inject a JavaScript tag in to the MEW site to "phish" information about MEW accounts that are logging in without being 'incognito mode', by re-directing the MEW users to the hacker's website," Hola said.
Hola said they notified MEW and Google and ensured that the hacker's web site was brought down. The VPN service provider then went forth to assure users that their online safety was their number one priority and thus, nothing would have gone wrong if they hackers hadn't interected with the Chrome extension in the past days.