Posted on

MyEtherWallet Gets Hit By CyberAttack From Google Chrome Store Hackers

MyEtherWallet (MEW), one of the most well-known services for managing Ether wallets, recently took to social media to relay an urgent message about a potential cyber attack. According to the Tweet, the Hola VPN extension was in a hacked state for five hours, allowing for the hackers to monitor the activity of some MyEtherWallet users through the extension.

Ironically enough, the VPN service meant to secure your online experience has slipped up again, with this most recent situation being Hola’s second case of bad press.

The wallet service advised that MEW users who had the Hola extension installed should immediately move their funds to a secure wallet, ensuring that the risk of attack is mitigated.

Unlike many other traditional third-party wallets, MEW takes a ‘you are your own bank’ approach, encouraging its users to take control over their own private keys. Although the MEW service has been lauded for the decentralized aspects it offers, the private key system increases the risk of fund loss/mismanagement on a user-to-user basis.

Hola VPN, a free virtual private network (VPN) service with almost 50 million users, later released a report, giving their take on the situation. The blog stated:

Yesterday our deployment team discovered that the Hola Chrome extension which was live for a few hours was not the one that our development team uploaded to the Chrome Store. After initial investigation, we found that our Google Chrome Store account was compromised, and that a hacker uploaded a modified version of the extension to the store.

The post went on to say that the version has since been taken down, and the Chrome Store account has been resecured. After ensuring that the fraudulent version was taken down, the Hola team set out to investigate the intent of the out of the blue attack.

After a few hours of investigative efforts, Hola determined that MEW users were the specific target for this attack. The cyber attack consisted of injected lines of JavaScript that allowed for the hackers to phish MEW account information, by re-directing MEW users to the hacker’s clone website.

Once figuring out the intent of the attack, Hola quickly contacted MEW and Google, making sure that the phishing website was unavailable to access.

The wallet’s team told TechCrunch that the attack seemed to originate from “Russian-based IP addresses.”

The most recent attack had some users think back to a similar situation which happened in April. Earlier this year, hackers hijacked “a couple of Domain Name System registration servers” that were linked to MEW, re-directing users to a phishing site. With this attack, the hacker was able to transfer over 215 Ethereum from unsuspecting users to his/her account.

It is still unclear how many users fell victim to the most recent attack, but one Reddit user noted that he/she lost 6000 VEN, worth around $12,000 at the time of press. MEW reaffirmed their commitment to the security and safety of its users, noting:

The safety and security of MEW users is our priority. We’d like to remind our users that we do not hold their personal data, including passwords so they can be assured that the hackers would not get their hands on that information if they have not interacted with the Hola chrome extension in the past day.


Posted on

Tron and EOS Mainnets Approaching, Here is How to Prepare

Two of the top ten cryptocurrencies are poised to launch their own blockchains and gain digital independence. The Tron mainnet launch on May 31 will effectively split the cryptocurrency off the Ethereum ERC20 network and onto its own. EOS meanwhile will be launching their mainnet on June 1 and similarly moving away from Ethereum’s blockchain.

So What Do You Need to Know?

TRX and EOS are currently an ERC20 tokens which means you can use your Ethereum wallet address to send and receive them. Many people choose to leave their tokens on the exchanges but a safer option is to use the blockchain directly via services such as MyEtherWallet/MyCrypto, or a plugin such as Metamask, or even safer a cold wallet.

If you have your tokens in one of these systems you will need to move them to an exchange that supports the new wallets. In a medium post MEW has explained how to do this with emphasis on knowing what exchanges will support the changeover. Binance is highly recommended as they have already announced support and it is one of the world’s largest and most reliable exchanges; “Binance would like to confirm that we will support the EOS MainNet Token Swap. We will handle all technical requirements involved for all users holding EOS.”

The same applies for Tron. On May 25 the Tron Foundation will be launching a virtual machine to facilitate the migration of dApps from the Ethereum network to Tron’s however this does not affect TRX holders.

By using MEW or you can access your Ether wallet address and load up the other tokens stored there, in this case TRX and EOS. In the Binance find the deposit address for TRX or EOS and use that as the destination back in MEW. You will need a tiny amount of ETH to cover the cost of the transaction.

According to the Exodus Movement, which recommends registering your EOS address, all ERC20 tokens will be frozen on June 1;

“EOS Mainnet tokens are to be distributed in a 1:1 ratio to the ERC20 tokens held by registered addresses. The current ERC20 EOS tokens are simply placeholders. All tokens are said to be swapped for Mainnet EOS tokens after the launch of the Mainnet.”

The post goes on to state that EOS developer Block.One are not launching the mainnet but creating the software for block producers to create their own blockchains. This will not affect token holders though providing they have been moved to an exchange which supports the migration. EOS is a little more complicated than Tron as it is effectively down to developers to launch their own blockchains on the platform.

Big things could be ahead for these two cryptocurrencies, and there are more to follow later in the year with mainnet launches also planned for Cardano, VeChain, Ontology, Aeternity, and Zilliqa.

Posted on

$150K Stolen From MyEtherWallet Users in DNS Server Hijacking

Users of MyEtherWallet, a web app for storing and sending ether and ethereum-based tokens, experienced an attack Tuesday that saw users of the service lose around $152,000 worth of ether.

The company was quick to alert users to the danger, tweeting a warning at 7:29 a.m. EDT, within 15 minutes of when the hack began:

Even so, users took to social media to report that they were losing funds.

“Went on to myetherwallet and saw that myetherwallet had [an] invalid connection certificate in the corner,” rotistain posted to the wallet’s subreddit around 8:30 a.m. EDT, adding:

“As soon as I logged in, there was a countdown for about 10 seconds and A tx was made sending the available money I had on the wallet to another wallet  ‘0x1d50588C0aa11959A5c28831ce3DC5F1D3120d29.’ I have no idea what happened.”

Micky Socaci, lead developer at, explained the attack in a post to the ethereum subreddit.

“Do not use if you’re using Google Public DNS ( / at this moment,” he wrote, adding: “It seems these DNS servers are resolving the domain to a bad server that CAN steal your keys!”

His explanation fits with MyEtherWallet’s assertion that the attack was not on their side. Domain Name System (DNS) servers resolve website URLs to the appropriate IP addresses.

Money on the move

As of press time, the affected funds are being shuffled around and broken into smaller increments, according to data from blockchain information provider Etherscan.

Initially, the Etherscan block explorer showed 0x1d50588C0aa11959A5c28831ce3DC5F1D3120d29 as having received 179 inbound transactions starting from 7:17 a.m. and totaling 216.06 ether, or nearly $152,000 at the time of writing.

The attacker sent 215 ether to another address, 0x68ca85dbf8eba69fb70ecdb78e0895f7cd94da83, at 10:15 a.m. Since then, the funds have been split further, with increments being divided between multiple wallet addresses.

According to MyEtherWallet CEO Kosala Hemachandra, “all the DNS servers are resolving back to correct addresses.”

“But I want to wait another [hour] or so,” he added during a conversation on Skype.

Hemachandra said that the hackers were apparently “large enough to do a DNS poisoning attack on Google public DNS servers, which made it cache a malicious IP address for” Google fixed the issue “in a very short time,” he went on to say.

“It is really unfortunate, we live in a world where even the most secured websites are prone to this kind of attacks,” Hemachandra told CoinDesk. “I am sad about this and I hope MEW team will be able to educate users and convince them [to] use hardware wallets and local versions of MEW.”

Google’s press office did not immediately respond to a request for comment.

Hacker image via Shutterstock.

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.