One of the world’s most popular crypto wallets, MyEtherWallet, has made headlines today after suffering a major security breach for the second time this year. A breach lasting almost five hours that targeted Hola VPN users who use the service to access MyEtherWallet.
The wallet, also known as MEW, is a service that allows users to access their crypto tokens. It enables the sending and receiving of crypto tokens from one wallet to another. The service today warned all users that Hola, the VPN built into browsers, was the victim of a malicious attack which could have affected up to 50 million users. Those who use MEW can rest assured that the hack wasn’t allowing hackers to directly breach their wallets as the Ether Wallet platform wasn’t explicitly comprised.
Hola VPN Security Breach
The team from MyEtherWallet released a statement outlining that Hola being compromised for around five hours had meant that any MEW users who accessed their wallets whilst connected to the VPN would have been affected by the breach. As a precaution, MEW is suggesting all users who accessed their site and the Hola VPN on July the 10th to now take the time to open a new wallet and migrate all of their tokens to it.
This major breach is a good example of why paying for a trusted, secure and faster VPN service is far more safe than a free version. In 2015, there was evidence discovered that put Hola in a difficult place – evidence suggesting that Hola was offering on-demand DDoS attacks for paying clients. Tweets and other social media posts outlined that the DDoS attacks had come from Russian-based IP addresses either indirectly or directly under the control of Hola.
Once the MyEtherWallet team had ensured the breach was contained and there were no further compromised accounts through Hola, they had the following statement to say, ‘The safety and security of MEW users is our priority. We’d like to remind our users that we do not hold their personal data, including passwords so they can be assured that the hackers would not get their hands on that information if they have not interacted with the Hola chrome extension in the past day.’
At this time there is no accurate or exact number on the total amount of users affected by the breach or whether any accounts had been compromised and funds stolen. Though the situation is not dissimilar to the events that unfolded back in February where more than $365,000 had been stolen from users of the MEW service.