MyEtherWallet users hit by Hola VPN attack

MyEtherWallet, one of the most popular hot wallet services, has come under attack for the second time this year – apparently following problems with the Hola Virtual Private Network (VPN) service.

The problems with Hola – a free VPN browser plugin – led to MyEtherWallet’s creators warning those that use it alongside their product that they may have been caught up in a malicious attack targeted specifically to steal crypto. MyEtherWallet itself was not compromised, so users that weren’t using it alongside Hola were not effected.

The company followed up that statement by saying that it believed that the problem with Hola may have been live for as long as five hours, and was specifically looking for – and logging – wallet activity.

Commenting on the matter to TechCrunch, MyEtherWallet said the attacker “appeared to be a Russian-based IP address.”

“The safety and security of MEW users is our priority,” it continued, before adding that it needed to “remind our users that we do not hold their personal data, including passwords so they can be assured that the hackers would not get their hands on that information if they have not interacted with the Hola chrome extension in the past day.”

Earlier in the year, MyEtherWallet was his by an attack that saw over $300,000 worth of cryptocurrency lifted from its users’ cache. That attack used hijacked DNS servers to redirect users visiting myetherwallet.com to a phishing site in order to procure their details. The service has also been the victim of a number of fake versions of its App being distributed via the Play Store, which saw Google come in for criticism back in April.

Hola VPN itself has a chequered past, having been implicated in DDoS for hire attacks in the past, as well as questions about how its methodology could cause legal problems for its users.