Warning: MyEtherWallet might have been hacked through Hola extension


On July 10th, MyEtherWaller tweeted that the customers' accounts might have been hacked while using Hola extension

On July 10th, on the digital wallet interface for Ethereum tokens and assets, MyEtherWallet (MEW), appeared a tweet with an urgent notification about the Hola Chrome extension which allegedly might have been hacked. Therefore, the customers who  logged in and used MEW within the last 24 hours should immediately transfer their funds to another wallet.


We received a report that suggest Hola chrome extension was hacked for approximately 5 hrs and the attack was logging your activity on MEW.

— MyEtherWallet.com (@myetherwallet) July 10, 2018

Currently, MEW has confirmed that the hack came  from the Hola extension, MEW has just received a report that Hola was likely hacked. However, MEW could not provide the source of the report, many followers were confused about the reliability of the information.


Hola is a free VPN (virtual private network) Chrome extension which is used to access  websites that were restricted or banned in some countries. VPN is an advanced technology that helps users to remotely connect to a public network like the Internet or private network from a proxy server provider.

myetherwallet, hola, chrome, extension, token, ethereum, mew, hackThe followers on Twitter has warned many times against  the constant use of MEW in Incognito window because this mode disables all the extensions. Since Hola is a free VPN extension, many people are concerned about the security level of this application. The hackers can get access to users’ accounts in order to change and upgrade the code. By doing this, they will be able to transfer funds to their wallet addresses.

In addition, the safest way to store cryptocurrencies is to use hardware wallets, so the investors can sleep tight at night without worrying that all their money will disappear the next morning.

Earlier on April 24th, when using the Google DNS and to search for MEW, the results would automatically link to the phishing page. If the users logged into their accounts using a fake website, their ETHs would be sent to hackers’ wallet addresses.