A Cryptocurrency investor has alleged that two ‘weird extensions’ have drained $800,000 from multiple of his wallet apps.
The trading and crypto user, who goes by the name ‘sell9000’ on X, has taken to the social media platform to speculate about how this happened.
He says “I suspect this was a Google Chrome compromise containing a possible keylogger targeting specific wallet extension apps…”
Just realized I got $500k drained from multiple wallet apps 46 hours ago
Think I got extension attacked, with two suspicious extensions that appeared on my chrome browser
does not feel good fam
still investigating
— Sell When Over | 9000.sei (@sell9000) April 8, 2024
A keylogger is a malicious application used by cyber criminals to record every action of a keystroke made by another user. That data can then be retrieved by the person operating the logging program.
The user explained how he did a Google Chrome update a few weeks ago, but said that unusually “all my tabs were gone and extension logins had reset” when the browser relaunched. This included his wallets which were now logged out of and required details to be re-added.
He alleges that “Chrome was compromised in that unusual reboot event” and said he found two extensions titled ‘Sync test beta’ and ‘Simple Game.’
The hackers have reportedly sent the funds to two exchanges, the Singapore-based MEXC exchange and the Cayman Islands-headquartered Gate.io.
“A $800k costly mistake”
In one of the latest updates, Sell9000 asks for further assistance and reports it’s an ongoing issue.
While the X user isn’t yet sure how the extensions got onto Chrome and what the attack vector is, they say they can confirm that ‘Sync test BETA (colorful)’ is a keylogger. The other one ‘Simple Game’ is described as checking if tabs are updated, open, closed, and refreshed.
Sell9000 chalks up the incident as being “a $800k costly mistake” and says “The lesson is if anything seems off such as that it prompts you to input a seed, then wipe the whole PC first.
“My guard went down because the updated happened to be when Chrome made a significant update (where now you have to select a user and the[n] sign in with Google UI changed) so I thought that was what caused the extensions to reset and me to lose all my tabs.”
Featured Image: Photo by Firmbee.com on Unsplash
The post Trader loses $800k in crypto to malicious Google Chrome extension appeared first on ReadWrite.