Recently, a cryptocurrency investor using the pseudonym "Sell When Over" on X (formerly Twitter) disclosed a loss of $800,000 caused by two malicious Google Chrome browser extensions.
Initially, the investor expressed concerns after noticing a loss of $500,000 from various wallet applications.
However, further investigation revealed a more extensive compromise, resulting in a total loss of $800,000.
The investor suspects that their Google Chrome browser was compromised, potentially through a keylogger targeting specific crypto wallet extensions.
Notably, the investor had delayed updating their Chrome browser for several weeks, but a mandatory Windows update eventually forced a system restart.
Upon relaunching Chrome, the investor discovered that all their tabs had disappeared, and extension logins had reset.
After the restart, the victim re-entered all of their credentials in Chrome and manually re-imported the seed phrases for their crypto wallets from a separate, secure device.
The user believes the keylogger captured this sensitive information as it was typed, which allowed the attackers to drain the wallets.
Two Suspects Behind the Chrome Extension Attack
During the investigation, two suspicious extensions, "Sync test beta" and "Simple Game," were identified.
Furthermore, an auto Korean translation setting was enabled in Chrome.
While "Sync test beta" was confirmed as a keylogger, "Simple Game" appeared to monitor tab activity and report it to a PHP script on an external site.
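The two extensions are described as doing exactly what an over-permissioned extension can do: run a script in every page the user types into, and watch which tabs are open. One practical check a practitioner can run on a suspect machine is to walk the Chrome profile's `Extensions/<id>/<version>/manifest.json` tree and flag extensions whose declared permissions allow that behaviour. The script below is an added example, not code from the article or from the investor; the three manifests it audits are constructed for the demo (the real manifests of "Sync test beta" and "Simple Game" were not published), and the extension IDs, the "risk" labels and the Web Store `update_url` heuristic are this example's own assumptions.

```python
"""Triage installed Chrome extensions by the capabilities their manifests declare.

Added example, not from the article. Walks <profile>/Extensions/<id>/<version>/manifest.json
and flags extensions that could keylog (content script on every page), watch tabs,
or were not installed from the Chrome Web Store.
"""
import json
import os
import tempfile

# Real Chrome permission names; the descriptions are this example's own heuristic.
RISKY_PERMISSIONS = {
    "tabs": "can read URL and title of every open tab",
    "webRequest": "can observe every HTTP request",
    "webNavigation": "can track page navigation",
    "cookies": "can read session cookies",
    "clipboardRead": "can read the clipboard (seed phrases are often pasted)",
    "debugger": "can drive any tab through the DevTools protocol",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Extensions installed from the Chrome Web Store carry this update_url in their
# on-disk manifest; its absence is a heuristic (assumption) for sideloaded ones.
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"


def audit_manifest(ext_id: str, manifest: dict) -> list[str]:
    """Return human-readable findings for one extension manifest."""
    findings = []
    name = manifest.get("name", "<unnamed>")
    perms = set(manifest.get("permissions", [])) | set(manifest.get("optional_permissions", []))
    hosts = set(manifest.get("host_permissions", []))
    # Manifest V2 listed host patterns inside "permissions"; fold those in too.
    hosts |= {p for p in perms if "://" in p or p == "<all_urls>"}

    for p in sorted(perms & RISKY_PERMISSIONS.keys()):
        findings.append(f"{ext_id} ({name}): permission '{p}' - {RISKY_PERMISSIONS[p]}")
    if hosts & BROAD_HOSTS:
        findings.append(f"{ext_id} ({name}): host access to all sites")
    # A content script injected into every page is all a keylogger needs: it can
    # attach keydown/input listeners on any site the user types into.
    for cs in manifest.get("content_scripts", []):
        if set(cs.get("matches", [])) & BROAD_HOSTS:
            findings.append(f"{ext_id} ({name}): content script {cs.get('js', [])} runs on every page")
    if manifest.get("update_url") != WEBSTORE_UPDATE_URL:
        findings.append(f"{ext_id} ({name}): not installed from the Chrome Web Store (no Web Store update_url)")
    return findings


def audit_profile(profile_dir: str) -> list[str]:
    """Audit every <profile>/Extensions/<id>/<version>/manifest.json under profile_dir."""
    findings = []
    ext_root = os.path.join(profile_dir, "Extensions")
    if not os.path.isdir(ext_root):
        return findings
    for ext_id in sorted(os.listdir(ext_root)):
        id_dir = os.path.join(ext_root, ext_id)
        if not os.path.isdir(id_dir):
            continue
        for version in sorted(os.listdir(id_dir)):
            mpath = os.path.join(id_dir, version, "manifest.json")
            if not os.path.isfile(mpath):
                continue
            with open(mpath, encoding="utf-8") as fh:
                findings.extend(audit_manifest(ext_id, json.load(fh)))
    return findings


# Constructed manifests for the demo; NOT the real extensions from the incident.
CONSTRUCTED_EXTENSIONS = {
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {  # keylogger-like: script in every page
        "manifest_version": 3, "name": "keylogger-like (constructed)", "version": "1.0",
        "permissions": ["storage"], "host_permissions": ["<all_urls>"],
        "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
    },
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {  # tab-monitor-like: tabs + one exfil host
        "manifest_version": 3, "name": "tab-monitor-like (constructed)", "version": "0.1",
        "permissions": ["tabs"], "host_permissions": ["https://example.invalid/*"],
    },
    "cccccccccccccccccccccccccccccccc": {  # benign Web Store extension
        "manifest_version": 3, "name": "benign (constructed)", "version": "2.3",
        "permissions": ["storage"], "update_url": WEBSTORE_UPDATE_URL,
    },
}


def demo() -> list[str]:
    """Write the constructed manifests into a temporary profile and audit it."""
    with tempfile.TemporaryDirectory() as profile:
        for ext_id, manifest in CONSTRUCTED_EXTENSIONS.items():
            vdir = os.path.join(profile, "Extensions", ext_id, manifest["version"] + "_0")
            os.makedirs(vdir)
            with open(os.path.join(vdir, "manifest.json"), "w", encoding="utf-8") as fh:
                json.dump(manifest, fh)
        return audit_profile(profile)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

To run it against a real machine, call `audit_profile()` with the profile directory (`~/.config/google-chrome/Default` on Linux, `%LOCALAPPDATA%\Google\Chrome\User Data\Default` on Windows, `~/Library/Application Support/Google/Chrome/Default` on macOS). Findings are a starting point for triage, not proof of malice: many legitimate extensions also request `tabs` or `<all_urls>`, so the next step is reading the flagged content scripts for input listeners and outbound requests.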
The investor stressed the importance of vigilance, advising others to wipe their entire PC if anything seems suspicious or prompts the input of a seed phrase.
The exact method of the browser compromise remains unclear, but the investor mentioned being caught off guard by a major Chrome update occurring simultaneously.
As of the latest update, the attackers have allegedly transferred the stolen funds to two exchanges – MEXC in Singapore and Gate.io in the Cayman Islands.
This incident underscores the ongoing need for stronger security practices around cryptocurrency holdings, including prompt software updates and vigilance against potential threats. Note, however, that the theft was carried out by extensions already installed in the browser, not by an unpatched browser, so the controls that matter most are auditing installed extensions and their permissions and never typing or importing a seed phrase on a machine that may be compromised.