MyEtherWallet a popular service for managing crypto-currency online has suffered an attack in which they have pointed the finger of blame at free VPN service Hola.
It’s important to note that MyEtherWallet itself was not compromised in the attack and only users of both the Hola free VPN and MyEtherWallet should be concerned.
In details released, MyEtherWallet claims that in a 5 hour period Hola was compromised leading anyone using the service and accessing MyEtherWallet to be somehow put at risk.
No details of the hack
While MyEtherWallet has clearly indicated that a Hola hack was behind the security breach there are very few details of how they suspect this took place.
MyEtherWallet made a statement on Twitter that said they had received reports that Hola had been compromised for a 5 hour period. During that time any user of Hola visiting the MyEtherWallet website may have had the security of their accounts compromised.
With so few details it is difficult to understand the basis of the attack but one would assume that MyEtherWallet is suggesting that hackers were somehow intercepting the MyEtherWallet website when users were connected to Hola or quite possibly redirecting them to a cloned honeypot to vacuum up their details.
With little details rumours about how the issue was possible have started to surface on social media networks such as Twitter but with few words from MyEtherWallet and Hola yet to respond people are simply left guessing.
Protection of funds
MyEtherWallet has been advising users who have accounts with their service and who use Hola that have accessed the service within the past 24 hours to transfer all funds to new accounts.
This would mitigate against the issue ensuring that hackers involved in the breach would be unable to relieve affected users of their funds.
At the time of writing there have been no reports of any user being affected or losing funds as a result of the claimed security breach. However, if you’re a user of both services you would do well to take heed of the warning.
Hola VPN in hot water again
The latest announcement from MyEtherWallet has dealt another damaging blow to Hola who were already recovering from an incident in 2015 which rocked confidence in the free VPN service.
Hola was discovered to be utilising free VPN users’ system resources and connections to power their paid-for VPN service.
This led many to question the reliability of free-VPN services and how they are funded. The latest claim by MyEtherWallet will only further lead customers to question the reliability of both the Hola VPN service and other free VPN products.