Part of MyEtherWallets to be Under a Thread

New security issue is related to  free Hola VPN plug-in, which is installed on 50 000 000 computers
10 July 2018   599

One of the most popular Ethereum wallets, MyEtherWallet suffered from the second major security breach in the last year, after the widely used VPN service was compromised. This is reported by TechCrunch.

MyEtherWallet warned its users using the free Hola VPN plug-in, which is installed on 50 million computers, that they could become victims of an attack aimed at stealing cryptocurrency.

The company stated that Hola was compromised for 5 hours. Users who used the plug-in and their wallet may lose the funds stored on it. MyEtherWallet recommends that everyone who used the wallet and VPN during the last 24 hours to transfer their funds to a new address.

MyEtherWallet Twitter
MyEtherWallet Twitter

In a conversation with TechCrunch, the MyEtherWallet team reported that it assumes that the attack originated from the Russian IP address.

The safety and security of MEW users is our priority. We’d like to remind our users that we do not hold their personal data, including passwords so they can be assured that the hackers would not get their hands on that information if they have not interacted with the Hola chrome extension in the past day.
 

MEW Team

Earlier, MyEtherWallet was already the victim of the attack. Then a DNS server was hacked, which allowed the hacker to redirect users to a phishing copy of the site.

Ethereum VM May Have Vulnerability

The vulnerability is reported by NettaLab Twitter account
12 November 2018   115

On November 9, a statement appeared in Netta Lab’s Twitter account that the organization discovered a vulnerability in the Ethereum virtual machine that allows to execute smart contracts endlessly without paying for gas online. The researchers also allegedly turned to the operator of the American database of vulnerabilities, where they registered the corresponding discovery.

Netta Labs discovered an Ethereum EVM vulnerability, which could be exploited by hackers. The vulnerability can cause smart contracts can be executed indefinitely without gas being paied.
 

Netta Lab's Twitter

At Netta Lab's request, Google demonstrates the site of the netto.io project, which specializes in auditing smart contracts under the Netta Lab brand, but the Twitter accounts of the projects do not match. Note that the profile that reported the vulnerability was registered in November.

Many users expressed doubts about the authenticity of the information that appeared, but then the creator of the NEO project Da Hongwei said that he spoke with the CEO of Netta Labs and asked the researchers to audit the NEO virtual machine.

Nevertheless, Vitalik Buterin wrote on Reddit that this is a vulnerability in the Python-implementation of the virtual machine, which was first reported on GitHub 9 days ago. This means that the main clients (go-ethereum; parity and cpp-ethereum) are not affected.