Hola VPN, a widely-used free VPN service, was hacked earlier today as part of an effort to steal cryptocurrency from MyEtherWallet (MEW) accounts.
The hackers targeted the Hola VPN extension for Google Chrome, in order to gain access to MEW – a popular solution for managing cryptocurrencies. To be clear, it was the Hola VPN hacking which could then give access to the MEW accounts – MyEtherWallet has not, itself, been hacked.
It’s the second time this year that MEW has suffered a security breach, but this incident serves more as a reminder why should avoid free VPN services rather than crypto wallets in general.
Hola VPN Hack: What Happened?
According to MEW, it received a report that suggested the Hola Chrome extension was hacked for approximately five hours, and that the attack would log users’ activity on MyEtherWallet.
By tracking user activity, it would, in theory allow the hackers to replicate the sign-in process and transfer funds out of the MEW accounts. It’s important to note, that Hola hasn’t commented on this hacking incident either on its Twitter account or on its website – we’ll update, though, should this change.
It’s difficult to know exactly who was behind the hacking, although MEW has stated on Twitter that the attack appeared to have come from a “Russian-based IP address”.
MyEtherWallet Breach and Fallout
This hack doesn’t affect MEW users who don’t also use the Hola VPN Chrome extension. However, if you do use both MEW and the Chrome extension, MEW recommends that you transfer funds from your existing MEW account into a new one, as soon as possible.
It goes almost without saying, of course, that if you use the Hola VPN Chrome extension, you should uninstall it straight away. A security risk such as this isn’t to be taken lightly, and Hola itself is yet to make any comment to reassure users.
If the worst has happened, and your MEW account has been compromised, there’s little support available to recover your cryptocurrency. As MEW states prominently on its website, it’s not a bank and cannot recover the funds if they have been taken from your account.
Is Hola VPN Safe to Use?
While we wouldn’t dismiss Hola as completely unsafe, we would strongly advise against using it, for several reasons.
Firstly, when we reviewed Hola, several of the tests revealed our ISP and even our real IP address.
Secondly, Hola has previous form for selling users’ bandwidth to third-parties. This means that hackers or spammers could be conducting illegal activity using your IP address if you’ve enabled Hola on your browser.
Thirdly, back in 2015 Hola was accused of giving third-party hackers access to its users’ PCs to conduct DDoS attacks – these attacks send a load of traffic over to a specific website or server in order to overload it and crash them.
If you want to know more about Hola VPN, and why you should give it a wide berth, check out our full Hola VPN review here.
How to Use a VPN Safely
But don’t let this news put you off using a VPN. There are plenty of services out there which are safe, secure and totally legit – just bear in mind that you’ll have to pay for these services.
However, a quality VPN, whether you want one to manage your cryptocurrency securely, or watch Queer Eye on holiday, needn’t cost the earth. In fact, many, including our current top choice PureVPN, cost as little as $2.48 per month and can be cancelled at any time.
PureVPN is our favourite VPN, and with good reason. It's fast, secure and surprisingly cheap.
You should also steer away from free VPN Chrome extensions. This is because they lack some of the security smarts that a paid-for VPN would have. While proper VPN services do often offer browser extensions, these are likely to be more secure and less buggy than a free extension.
The free plug-ins can have drawbacks including tracking your online behaviour to serve adverts or share data with third-parties – the last thing you want while using a VPN.