Harry Denley, director of security at wallet provider MyCrypto, who identified the fake wallet extensions, said in a report Tuesday that Google has so far removed 49 extensions that purported to be well-known crypto wallets from its Chrome Web Store.
The fake extensions are basic phishing plays. Posing as legitimate wallets, they leak personal information inputted by users, such as private keys and passwords, to the hacker, who can then drain balances in a matter of seconds.
The fakes detected have so far claimed to be wallets such as Ledger, Trezor, Jaxx, Electrum, MyEtherWallet, MetaMask, Exodus, and KeepKey. Test amounts of crypto sent by Denley have not been picked up, suggesting that either the hacker has to manually empty wallets or that they are only interested in comparatively large balances.
On the Chrome Web Store, most of these apps had consistently good reviews written typically in simplistic or broken English. On the basis that the admin email appears to be a Russian one, it's possible the hacker could also be based there, Denley noted.
More than half of all malicious extensions reported have claimed to be hardware wallet maker Ledger – nearly double the next largest, MyEtherWallet, which was 22 percent of fake extensions. There's no obvious reason why the hacker decided to focus so much on Ledger, Denley said in his report.
When asked if there's a way to prevent hackers from creating new fake extensions, Denley told CoinDesk: "Not really, though Google could use the data from the 49 extensions we've flagged to build some detection – though it could be easily bypassed."
"Most of the malicious extensions had the same structure and same files which could be analysed," he said. "The only way I can think of limiting the victim pool is by education and normalising the behaviour of not entering raw secrets into [user interfaces]."
Denley has highlighted serious security threats in cryptocurrency wallets before. Last year, he wrote a paper showing how one supposedly secure wallet provider was in fact issuing the same private keys to multiple users.
Denley first detected the fake wallets back in February. Since then, the number of reported phishing attacks has risen exponentially on a month-on-month basis. Because the hacker has not yet been identified, it's possible they could continue creating fake wallet extensions ad infinitum.
Hi My Name Is Robert Fernandez I am Financial Investor in the Private Capital Market since 2011. For More Information Read More.
ReplyDeleteFrank Gonzalez is a content writer who helps simplify insurance for readers interested in Hedge Funds. For More Information Click Here.
ReplyDeleteFrank Gonzalez is a content writer who helps simplify investment for readers interested in the Private Hedge Fund. He wrought an article about 4 Qualities Of a Good Private Hedge Fund.For More Information Click Here.
ReplyDeleteAmazing write-up! You always have good humor in your Blog's , So much fun and easy to read! You can also read about Tcm Digital Asset Fund
ReplyDeleteThis information is very helpful. Thank You for sharing such valuable information with us. To get more information about health insurance, visit our website.
ReplyDeleteRead More
Very refreshing content you have shared here I liked it too much. I am very thankful to you that you have posted it here.
ReplyDeleteSBI share price
Tata Steel Share Price
ITC Share Price
DLF share price
HDFC bank share price