Sunday , May 19 2024
Home / Crypto news / This Trader Reportedly Lost $800k in Crypto Through Malicious Chrome Extensions

This Trader Reportedly Lost $800k in Crypto Through Malicious Chrome Extensions

Summary:
An anonymous cryptocurrency investor with the username “Sell When Over” on X has reported a loss of 0,000 due to two allegedly malicious Google Chrome browser extensions. The investor first raised the alarm with a post on X, revealing that they had discovered a loss of 0,000 from multiple wallet applications. Chrome Extension Attack Leads to 0k Loss “Think I got extension attacked, with two suspicious extensions that appeared on my Chrome browser,” they disclosed. Further investigation by the victim uncovered the extent of the compromise, amounting to a loss of 0,000. They suspected a compromise in their Google Chrome browser, potentially involving a keylogger targeting specific crypto wallet extensions. Total compromise appears to be about 0k. I suspect

Topics:
Wayne Jones considers the following as important: , ,

This could be interesting, too:

Chayanika Deka writes Infamous Pink Drainer Calls It Quits, Citing Mission Accomplished

Wayne Jones writes Reddit Stock Soars Following OpenAI Partnership Announcement

Wayne Jones writes Senator Lummis Posts Bitcoin Laser Eyes After Passed Crypto Legislation

Chayanika Deka writes Former Pump.fun Employee Exploits Withdrawal Authority, Causes .9M Loss

An anonymous cryptocurrency investor with the username “Sell When Over” on X has reported a loss of $800,000 due to two allegedly malicious Google Chrome browser extensions.

The investor first raised the alarm with a post on X, revealing that they had discovered a loss of $500,000 from multiple wallet applications.

Chrome Extension Attack Leads to $800k Loss

“Think I got extension attacked, with two suspicious extensions that appeared on my Chrome browser,” they disclosed. Further investigation by the victim uncovered the extent of the compromise, amounting to a loss of $800,000. They suspected a compromise in their Google Chrome browser, potentially involving a keylogger targeting specific crypto wallet extensions.

Several weeks prior, the trader repeatedly postponed an update for Google Chrome. However, a mandatory Windows update eventually forced a system restart. Upon relaunching Chrome, they noticed that all their tabs had disappeared and extension logins had been reset.

Following the incident, the victim was forced to re-enter all their credentials on Chrome and manually reimport seed phrases for their cryptocurrency wallets from a separate secure device.

The user suspects that the keylogger compromised their sensitive information, leading to funds being drained afterward. The user also did not observe any abnormal behavior in their browser following the restart, with their virus scanner indicating no issues and no other suspicious extensions.

Chrome Extensions Identified as Keyloggers

After the preliminary investigation, they identified two suspicious extensions – “Sync test beta” and “Simple Game” and an auto Korean translation setting enabled in Chrome.

The user remained unsure how exactly their Chrome browser was compromised but confirmed that the “Sync test BETA” extension was a keylogger. Meanwhile, “Simple Game” appeared to monitor tab activities and communicate with an external site’s PHP script.

“This is an $800k costly mistake – lesson is if anything seems off such that it prompts you to input a seed, then wipe the whole PC first,” the trader cautioned.

They also explained that their guard had been down because the update coincided with a major Chrome update, which included changes to the user selection process and the sign-in interface with Google. This led them to think that the reset of extensions and the loss of tabs were due to this significant update.

As of the latest update, the attackers have reportedly transferred the funds to two exchanges: MEXC, located in Singapore, and Gate.io, headquartered in the Cayman Islands.

You Might Also Like:

Leave a Reply

Your email address will not be published. Required fields are marked *