The wallet service advised MEW users who had the Hola extension installed to move their funds to a secure wallet just to make sure that the risk of attack is avoided.
MEW is different compared to traditional third-party wallets and it takes another approach. It encourages users to take control over their private keys.
Even if the MEW service has been praised for its decentralized aspects this private key system increases the risk of fund loss.
Hola VPN service is free and it had almost 50 million users. They released a report, saying the following:
“Yesterday our deployment team discovered that the Hola Chrome extension which was live for a few hours was not the one that our development team uploaded to the Chrome Store. After the initial investigation, we found that our Google Chrome Store account was compromised and that a hacker uploaded a modified version of the extension to the store.”
The same post continued saying that the version has been taken down and the Chrome Store account is now completely re-secured.
The attack comes from Russian IPs
After making sure that the fraudulent version got taken down, the team behind Hola began investigating the attack.
The wallet’s team told TechCrunch that the attack seemed to originate from “Russian-based IP addresses.”