Popular VPN plugin Hola compromised

Hola, the popular VPN plugin for Chrome and Android that is used by more than 50 million people worldwide, has been compromised. The attack targeted users of MyEtherWallet (MEW), one of the largest online hot wallets for ether holders. The attack lasted about five hours, and during this time Hola collected information about the wallets of MEW users for the subsequent theft of cryptocurrency.


The only recommendation from the wallet's administration so far is to create a new MEW wallet and transfer your funds to it if you are a Hola user and performed any actions in MyEtherWallet in the last 24 hours.

This is the second attack on MyEtherWallet users in the last four months. This spring, attackers managed to hack the DNS server that MyEtherWallet used, which allowed users to be redirected to a phishing site with a St. Petersburg IP address. At least 215 ETH was stolen in that incident. The same people are believed to be behind both attacks.

It is worth noting that the Hola VPN plugin was previously compromised in 2015. At that time, Hola users were involved in conducting massive DDoS attacks.

The main reason Hola is attractive to intruders is the popularity of the plugin, coupled with its peer-to-peer connection model. Extremely careless development also plays a role: it has led to a number of vulnerabilities and loopholes for intruders. In addition, Hola's administration has shown a very negligent attitude toward how it provides paid access to the network. In 2015, the developers stated that they “removed the vulnerability several hours after the report,” but the research team that pointed out the problem categorically disagreed:

“They say they removed the vulnerability in a few hours, but we know that this is a lie. The developers simply broke our verification method, and they themselves reported that the vulnerability was fixed. In addition, there were not two holes, as they say, but six.”

The 2015 dispute was not only about the theft of personal data through the plugin. The developers were also accused of criminal negligence, of selling access to the network to questionable individuals, and even of allowing code to be executed on the user's side without the user's knowledge.

Unlike Tor users, who usually understand what they are doing and what access they are granting, the out-of-the-box plugin gained popularity among ordinary users who may not fully understand how this “magic button” in Chrome works. For them, only the end result matters: access to blocked resources and nominal anonymity.

Source: https://habr.com/ru/post/416753/

