MyEtherWallet, a popular site that lets users manage ether wallets, was under a major attack when a hacker added a fake VPN extension to the Google Chrome store. Sadly, the extension was downloaded by thousands of customers, due to which a number of them were hacked.
How Did The Hack Happen?
Hola VPN is a popular Chrome extension that lets users unblock websites that are restricted in a specific region. The app is quite popular due to some websites being blocked in different regions due to state censorship and other such reasons.
Hackers made use of this app and modified it so they could hack others. With over 50 million users, the app had a huge consumer base.
What Did The Fake Extension Do?
Upon investigation, it was revealed that customers of MEW (MyEtherWallet) were the targets of the hackers. The extension led to a clone of the original website to hack users with the help of a phishing technique, which is commonly used to hack into systems and accounts.
Who Are The Hackers?
The investigation revealed the hackers used Russian IPs, however, their origin is still unknown. No party has accepted responsibility so far.
Who Was Compromised?
While the exact figures are not available, it is believed that millions of customers have been a victim in some way or another due to this hack.
MEW officials have advised all VPN Hola users to transfer their funds to a secure wallet. The total loss is not known at this time, but with crypto being so popular, it must be into millions.
The Bottomline
It is still unknown exactly what hackers have gained from this hack so far but the malicious JavaScript was clearly intent on hacking ewallets. We need to be careful about how we use apps as Hola itself has been accused of running attacks in the past.