Popular cryptocurrency wallet service MyEtherWallet urged some of its users to move their funds to a new wallet address, after reports that a hacker group may have compromised a virtual private network (VPN) browser extension for Google Chrome.
In two tweets posted on July 9, MyEtherWallet (MEW) claimed that the Hola VPN chrome extension “was hacked for approximately 5 hours, and the attack was logging your activity on MEW.” The wallet service then urged users that had installed the Hola chrome extension and used MEW within the last 24 hours to “please transfer your funds immediately to a brand new account!”
The security breach affected only Google Chrome users that had downloaded a browser extension from the free VPN service Hola. Hackers may have been able to monitor these users’ activity remotely, including their use of MEW, potentially even gaining access to private keys. No information has yet been published about the number of users affected.
This is the second major security breach to have hit MyEtherWallet in under three months. MyEtherWallet confirmed that some of its DNS servers were “hijacked” by unknown parties in April, potentially redirecting some users to a website that phished for users’ private keys. The hacker was able to steal around 215 ETH, which was worth about $150,000 at the time.