Using the Hola VPN chrome extension? Your MEW wallet may have been compromised.

Lanatsa

hero member

Activity: 2968

Merit: 687

Quote from: electronicash on July 12, 2018, 10:11:28 PM

never trust browser extension and app.

you don't need to use the private key in MEw if you use the Keystore File to login to your account. but yes the password along with that keystore file.
the best way to use MEW is by downloading the newest release from here https://github.com/kvhnuke/etherwallet/releases

unzip it
and then you can use it offline without worrying of hacks. drag the index.html to a browser to view the page.
click send token then
you can click json file if you have json file and upload or Click private key and copy and paste your private keys whichever is comfortable for you
click unlock wallet.

Airgapped is good but not all people would put up themselves into hassle or just simply not all people do have idea into this kind of method since they are not techy at all.
If we do possess huge amounts of crypto then this kind of accessing the wallet thru offline is safer than on inputting your private key while you are connected to the net.
Luckily, im not using any browser extension on my chrome since i dont really need vpn service at all.

electronicash

legendary

Activity: 3178

Merit: 1054

never trust browser extension and app.

you don't need to use the private key in MEw if you use the Keystore File to login to your account. but yes the password along with that keystore file.
the best way to use MEW is by downloading the newest release from here https://github.com/kvhnuke/etherwallet/releases

unzip it
and then you can use it offline without worrying of hacks. drag the index.html to a browser to view the page.
click send token then
you can click json file if you have json file and upload or Click private key and copy and paste your private keys whichever is comfortable for you
click unlock wallet.

LTU_btc

legendary

Activity: 3234

Merit: 1375

Slava Ukraini!

Thanks for the warning. I'm using Hola extension quite often. But it's good that I'm using MEW on Firefox, while Hola on Opera, so my funds are safe.

Quote from: mobnepal on July 10, 2018, 05:04:46 PM

Hope not much ETH holder will be affected by this as HOLA is not quite popular VPN, I haven't heard about it before.

Hola is probably most popular free VPN extension. It doesn't mean that's not popular just becauce you haven't heard about it.

mobnepal

legendary

Activity: 1218

Merit: 1006

I always used to remain cautious about installing any extension on my browser even though all of them are listed by google after security check. Now this news make my caution worthy because this proves that even though google will have security check before listing the extension on their store hacker can push malicious code without getting noticed by google.

The only extension I have is metamask which I rarely use.. Hope not much ETH holder will be affected by this as HOLA is not quite popular VPN, I haven't heard about it before.

milewilda

legendary

Activity: 3094

Merit: 1127

Quote from: jhenfelipe on July 10, 2018, 12:58:02 PM

So far no comments in the twitter post about funds being stolen from their account. Hopefully MEW users aren't using Hola VPN while accessing their wallets.

Ive been waiting for comments too actually but we should wait a little further even though Hola VPN isnt too popular but rest assured there are still people who do make use of it and wasnt aware on the recent vulnerability of it.

Quote from: crairezx20 on July 10, 2018, 11:59:43 AM

How the VPN works and how they can get your private keys or json key?

It looks like a keylogger or downloading all copy paste logs. for now I'm using metamask wallet because I don't like MEW to use for daily transaction because you need to copy paste your private key when accessing your wallet.

This is the reason why i do switch to metamask it is somehow techy compared to MEW but when it comes to security or possible risk you can lessen it up when using metamask.This is why i dont like to install any extensions on my chrome. Even on my first time with metamask i do still hesitate to do such thing.

jhenfelipe

hero member

Activity: 1372

Merit: 647

So far no comments in the twitter post about funds being stolen from their account. Hopefully MEW users aren't using Hola VPN while accessing their wallets.

Quote from: OmegaStarScream on July 10, 2018, 08:38:47 AM

So basically this is valid for MyCrypto too. Is it possible for an extension to reach for another extension as well? If that's the case, MetaMask could be at risk too.

@MyCrypto posted about this issue as well and made it clear that MyCrypto users are not affected. Based on the post, it seems that it's only for MEW, so I think MetaMask users are not affected too.

crairezx20

legendary

Activity: 1638

Merit: 1046

How the VPN works and how they can get your private keys or json key?

It looks like a keylogger or downloading all copy paste logs. for now I'm using metamask wallet because I don't like MEW to use for daily transaction because you need to copy paste your private key when accessing your wallet.

TryNinja

legendary

Activity: 2758

Merit: 6830

Quote from: St4yInTh3D4rk on July 10, 2018, 10:22:26 AM

Is there any problem if I have hola VPN on someohter browser and never accessed my MEW from that browser?

No. An extension on Chrome can't read/modify data on your Firefox browser.

Quote from: St4yInTh3D4rk on July 10, 2018, 10:22:26 AM

But I always access my MEW from chrome where I have no extension installed.

Then you are safe.

St4yInTh3D4rk

sr. member

Activity: 686

Merit: 264

"STAY IN THE DARK"

Is there any problem if I have hola VPN on someohter browser and never accessed my MEW from that browser?

But I always access my MEW from chrome where I have no extension installed.

OmegaStarScream

staff

Activity: 3500

Merit: 6152

So basically this is valid for MyCrypto too. Is it possible for an extension to reach for another extension as well? If that's the case, MetaMask could be at risk too.

leowonderful

legendary

Activity: 1624

Merit: 1130

Bitcoin FTW!

This is exactly why I don't run Chrome with any extensions at all, especially on computers where I'm storing any amounts of crypto- the risk for a hack or shady application logging my information and a resulting loss of funds is just too great. Still a good job from the MEW team for reporting this issue quickly, as every minute could mean a wallet getting its funds emptied without the owner's permission.

I don't trust free VPN services for this reason as well. I'd much rather pay money for a VPN, or better yet make a Socks5 proxy by hand than save money at a cost like this.

TryNinja

legendary

Activity: 2758

Merit: 6830

Quote

Urgent! If you have Hola chrome extension installed and used MEW within the last 24 hrs, please transfer your funds immediately to a brand new account!

We received a report that suggest Hola chrome extension was hacked for approximately 5 hrs and the attack was logging your activity on MEW.

Source: https://twitter.com/myetherwallet/status/1016542459185119232

If you have the Hola VPN extension, which is a free VPN for Chrome, uninstall it right now, create a new MEW wallet and move all your coins away immediately.

P.S: This is not an issue with MEW. It's the same as downloading a virus, risking your wallet and blaming your wallet developer.

Topic: Using the Hola VPN chrome extension? Your MEW wallet may have been compromised. (Read 237 times)