A cryptocurrency trader known as “Sell When Over” on X lost $800,000 to two malicious Google Chrome browser extensions.
The user described the incident on X and said they suspected that the “Sync test BETA (colourful)” and “Simple Game” extensions contained hidden keyloggers designed specifically to target wallet extension apps.
Trader’s Caution – Keyloggers – A Stealthy Cyber Threat
Cybercriminals often use keyloggers, malicious programs that secretly record every keystroke typed on a victim’s computer. With this method, attackers can capture private data such as passwords and seed phrases for cryptocurrency wallets.
According to Sell When Over, the problem started after Google Chrome was updated. The user had been putting off the update, but a Windows update forced them to restart their computer, which deleted all their open tabs and Chrome apps.
Because of this, they had to enter all their passwords again in Chrome, including their seed phrases. It is believed that the implanted keylogger captured their private information during this process. Interestingly, after restarting, the user didn’t notice any strange behaviour in their browser.
“I ran a virus scan and found no problems. No other strange additions showed up. Then I imported my seed phrases again,” the user said.
After further investigation, two malicious extensions were found on their system. Notably, Google Translate in their browser settings was set up to instantly translate between English and Korean.
The thieves are said to have sent the stolen funds to two cryptocurrency exchanges: MEXC in Singapore and Gate.io in the Cayman Islands.
Exactly how the computer was compromised is still unknown, but tests have shown that the “Sync test BETA (colourful)” extension worked as a keylogger, sending information to a PHP script on an external website. The “Simple Game” extension was seen “checking if tabs are updated/open/closed/refreshed.”
Sell When Over said, “This is a $800k costly mistake — the lesson is if anything seems off such that it prompts you to input a seed, then wipe the whole PC first.”
It’s important to note that neither of the extensions was in the Chrome Webshop at the time of the report.
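For readers who want to check their own browser, the following added example (not from the original report or the affected user) reads extension manifests from a Chrome profile's Extensions folder and flags the traits described above: scripts injected into every site, access to tab details, and no Chrome Web Store update URL. The sample manifests and flag names are constructed for illustration, and the flags are heuristics; the report does not say which permissions the two extensions requested.

```python
import json
from pathlib import Path

# Update URL found in the manifest of extensions installed from the Chrome Web Store.
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Constructed sample manifests (not the real extensions' files).
SAMPLES = {
    "constructed-sideloaded": {
        "name": "Constructed A", "permissions": ["tabs", "storage"],
        "content_scripts": [{"matches": ["<all_urls>"], "js": ["c.js"]}],
    },
    "constructed-store": {
        "name": "Constructed B", "permissions": ["storage"],
        "update_url": WEBSTORE_UPDATE_URL,
        "content_scripts": [{"matches": ["https://example.com/*"], "js": ["c.js"]}],
    },
}

def audit_manifest(manifest):
    """Return the risk flags raised by one parsed manifest.json."""
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    hosts = perms | set(manifest.get("host_permissions", []))
    injected = {m for cs in manifest.get("content_scripts", [])
                for m in cs.get("matches", [])}
    flags = []
    if injected & BROAD:      # script runs inside every page the user visits
        flags.append("content-script-on-all-sites")
    if hosts & BROAD:         # may read or modify traffic for any site
        flags.append("host-access-to-all-sites")
    if "tabs" in perms:       # exposes the URL and title of every tab
        flags.append("tabs-permission")
    if manifest.get("update_url") != WEBSTORE_UPDATE_URL:
        flags.append("not-from-web-store")
    return flags

def audit_profile(extensions_dir):
    """Audit <profile>/Extensions/<id>/<version>/manifest.json files."""
    report = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            report[path.parts[-3]] = ["unreadable-manifest"]
            continue
        report[path.parts[-3]] = audit_manifest(manifest)
    return report

if __name__ == "__main__":
    print({k: audit_manifest(m) for k, m in SAMPLES.items()})
```

Point `audit_profile` at the Extensions folder of the Chrome profile being checked; an empty flag list means none of these heuristics fired, not that the extension is safe.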
This is another incident that raises security concerns about Google Chrome extensions used in the cryptocurrency industry. In a scary report from 2023, cybersecurity experts showed how common Chrome malware was. This included the infamous Rilide, which hackers use to steal private information and cryptocurrency from people who don’t know what’s happening.
Some malware for Windows used add-ons for Google Chrome to steal cryptocurrency and data from the clipboard. This shows that hackers are still trying to get into cryptocurrencies.