49 Cryptocurrency Wallet Browser Extensions Found Stealing Private keys

btc_angela

hero member

Activity: 2660

Merit: 551

Quote from: Crypto_lion on May 02, 2020, 05:26:45 AM

This is why I always go with hardware wallets . You never know which extension or the exe file that you installed is monitoring your clipboard and stealing your keys.

I think if we are starting in our crypto journey, most of us doesn't prefer hardware wallet. We buy them when we mature and learn securing our coins specially if we're going to be a long term holder and involves a lot of investment. We can used Adblock or Ublock so that we can't get phished by this malicious websites.

Or if you see once, then look at the reviews of the apps, usually you will find at least one who are going to exposed and say that this browser extensions are malicious and not legit. And then report them, it will take only a couple of minutes of our time.

Crypto_lion

member

Activity: 630

Merit: 11

NEW MEDICINE:Faster, Safer, Smarter

This is why I always go with hardware wallets . You never know which extension or the exe file that you installed is monitoring your clipboard and stealing your keys.

davinchi

legendary

Activity: 2100

Merit: 1058

Google is continuously taking action against all types of scam attempts, that is really good. Moreover, browsers are known for highly vulnerable thing for individuals as hackers usually gets access through browsers. So, avoiding installing extensions in browsers would be one of prevention measurement against hackers. Not sure how many people are following such practices.

These days, before installing apps in mobile phones and installing extensions on browsers, we must take time to make user about the publishers and their credibility. All the above, some veteran forum members suggested about having a dedicated desktop/laptop only for accessing crypto wallets. I am not sure how many people here may afford such separate system for crypto wallets, but we must work on that so that we may secure ourselves from all possible hack attempts.

doctor877

full member

Activity: 896

Merit: 115

I. Definitely not a fan of browser extension for whatever purpose it might be. These wallets developers and browser developers should find a way to ensure more security for user that love to use them of maybe remove the extension

verita1

member

Activity: 1358

Merit: 81

Google must improve its conditions of use and thorough verification of the developments that wish to host its extensions for users. It's amazing how bad actors take advantage of such a valuable resource to commit their scams.
The malicious extensions were discovered by MyCrypto and PhishFort, which were subsequently reported to Google.

https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9

Dhoe

hero member

Activity: 1442

Merit: 510

Simple tips that we can do is never install any extension on your computer, if you use one of the wallets above then I think that's enough as a security for your assets without needing to install any extensions again. I am a Trezor user and until now I never installed Extensions on my browser.

asriloni

legendary

Activity: 3038

Merit: 1024

Leading Crypto Sports Betting & Casino Platform

Quote from: pakhitheboss on May 01, 2020, 07:57:37 PM

This is a serious issue and there might be many more which google might have not been able to detect.

That's why we must create a report to the app or any extension that looks suspicious. I have already reported some suspicious extensions and it has already removed too.
There was a lot of fake extension that is still available in the various platform.

I just hope people will aware to use the recommended extension too.

TravelMug

hero member

Activity: 2632

Merit: 833

Quote from: pakhitheboss on May 01, 2020, 07:57:37 PM

A other negative publicity for cryptocurrency.

It seems nothing can stop scammers to scam cryptocurrency investors. This is a serious issue and there might be many more which google might have not been able to detect.

I generally do not access my Private key using my browser as I do not have a web wallet. I prefer using desktop wallets.

I wouldn't say that this is negative though, I will have to look at the bright side, at least Google has removed it and that people should be aware on the dangers of getting yourself involved in crypto currency. If you are here just to make money and you think that it is easy, then think again.

There are a lot of scammers and cyber criminals around, you need to educate ourselves here. Scammers will be always here, but if we have enough knowledge to not get caught by their trick, then it's a win-win situation for us.

pakhitheboss

hero member

Activity: 2156

Merit: 803

Top Crypto Casino

A other negative publicity for cryptocurrency.

It seems nothing can stop scammers to scam cryptocurrency investors. This is a serious issue and there might be many more which google might have not been able to detect.

I generally do not access my Private key using my browser as I do not have a web wallet. I prefer using desktop wallets.

Ridwan Fauzi

full member

Activity: 1330

Merit: 147

I found this article that I think this have a similarities https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born

Just a warning to not download any platform from unknown source. You have to go to original source first before you download a platform.

20kevin20

legendary

Activity: 1134

Merit: 1598

Quote from: SUMBI99 on April 15, 2020, 04:49:49 PM

~
These Chrome extensions targeted users of crypto wallets, such as Ledger, Trezor
~

I'm wondering how this works as long as I don't input my seed anywhere? AFAIK Ledger does not communicate private keys in any way, correct? So I believe the only way they could target Ledger devices was to generate automatically fake txs so users could be deceived into their acceptance.. am I missing something?

adzino

copper member

Activity: 2968

Merit: 575

www.Crypto.Games: Multiple coins, multiple games

I am not surprised at all hearing this. Never trusted those wallet browser extensions. They all together sounds really fishy to be honest. Though I am a little bit surprised that it took them time to realize that those extensions were stealing private keys. Aren't all chrome extension like opensource. I mean everyone is able to read the code right unless they obfuscate it.
Anyway, I think at least this news might make people think twice before adding some random extension or software.

Nadziratel

sr. member

Activity: 1568

Merit: 321

★777Coin.com★ Fun BTC Casino!

These Chrome plugins have always seemed reliable to me. For this reason, I do not use any extension other than the one for translation.
I am sure not all of them is malicious but there is no need to take a risk for this extensions.

kingzpro

member

Activity: 756

Merit: 13

DIFX - Digital Finacial Exchange

Yeah i have always felt that these extensions are never safe. These are like giving access to third party software to your browser and your data which is very risky because you never know their intentions and they can use your data to exploit it or simply access your wallet, card or banking details so never install them.

Findingnemo

hero member

Activity: 2366

Merit: 793

Bitcoin = Financial freedom

Most of the extensions are created in the way to steal user data then only they can make money by selling your data so whenever you install an extension in your device make sure it is not just a random one so you can avoid losing important data like private keys.

terrific

hero member

Activity: 2268

Merit: 507

Catalog Websites

Quote from: aemma on May 01, 2020, 05:22:35 AM

The more cryptocurrencies grows the more scammers and hackers keeps looking for ways to steal from people then proving the fact that, crypto is highly valuable (depends on the crypto though) no matter how most people sees it. However, this is a call for concern (49 browser extensions is too much) that we should be extremely careful of the type of browser extensions we install, i don't think it makes sense installing anyhow extension just because it looks good or with good and attractive features but instead installing and sticking to those which have been proven to be genuine for a long time. As this is a matter of money, at all times, safety should not be taken for granted.

It's because crypto is valuable and these scammers are probably also the ones that do fraud and hacking with the banks.
Wherever the money is, they are there.
And for you people, always secure the extensions that you use on your browsers and as much as possible, minimize the use of it.

aemma

copper member

Activity: 966

Merit: 14

The more cryptocurrencies grows the more scammers and hackers keeps looking for ways to steal from people then proving the fact that, crypto is highly valuable (depends on the crypto though) no matter how most people sees it. However, this is a call for concern (49 browser extensions is too much) that we should be extremely careful of the type of browser extensions we install, i don't think it makes sense installing anyhow extension just because it looks good or with good and attractive features but instead installing and sticking to those which have been proven to be genuine for a long time. As this is a matter of money, at all times, safety should not be taken for granted.

SUMBI99

jr. member

Activity: 79

Merit: 3

Google has removed 49 cryptocurrency wallet browser extensions after a security researcher discovered they were stealing private keys. These Chrome extensions targeted users of crypto wallets, such as Ledger, Trezor, Jaxx, Electrum, Myetherwallet, Metamask, Exodus, and Keepkey.

Security researcher Harry Denley further revealed that the cryptocurrency wallets targeted by the 49 malicious Chrome browser extensions were Ledger, Trezor, Jaxx, Electrum, Myetherwallet, Metamask, Exodus, and Keepkey. He found that the most attacked wallet was Ledger, targeted by 57% of the malicious browser extensions. The second most targeted wallet was Myetherwallet (22%), followed by Trezor (8%), Electrum (4%), Keepkey (4%), and Jaxx (2%).

Read More On::https://news.bitcoin.com/google-cryptocurrency-wallet-browser/?utm_source=OneSignal%20Push&utm_medium=notification&utm_campaign=Push%20Notifications

Topic: 49 Cryptocurrency Wallet Browser Extensions Found Stealing Private keys (Read 170 times)