Hackers reportedly compromised a Google Play Store account for Hola VPN, leading to the exposure of private client data on July 9. According to reports, the hacker uploaded a fake version of Hola VPN to the app store, which, in turn, compromised MyEtherWallet (MEW) for about five hours before it was finally taken down.
According to reports, the fake extension was programmed to phish users’ account information by redirecting MEW users to the hacker’s website. MyEtherWallet alerted its clients about the incident via Twitter. The company asked clients who had the Hola Chrome extension installed and had used MEW within the last 24 hours to transfer their funds to new accounts.
Urgent! If you have Hola chrome extension installed and used MEW within the last 24 hrs, please transfer your funds immediately to a brand new account!
— MyEtherWallet.com (@myetherwallet) July 10, 2018
Hola VPN has already set up a cybersecurity response team to investigate the matter. The company also started working on replacing the fake extension before it could do more damage to its platform. A blog post on Hola’s website stated that the company was closely monitoring accounts to make sure the incident did not happen again.
The attack is believed to have come from a Russia-based IP address. According to MEW, the hackers only managed to get account information from a few users who were using their accounts at that time.
CryptoPolice reported that the number of fake MEW apps has been growing, causing great losses for the company and its customers. In total, clients have lost over 8,000 ETH to the fake MEW websites.
It is not yet clear how many clients were affected by this new attack or whether the hackers managed to steal clients’ money. Authorities have advised individuals to be extra cautious and always check domain names before making any transactions online. Hola VPN users have also been asked to change their passwords immediately to avoid falling victim to the hack. They have also been asked to log into wallets in incognito mode if code injection is not possible.