Google Chrome Extensions Infiltrated by “Keylogger,” Resulting in $800,000 Cryptocurrency Loss for Users
Twitter user @sell9000 tweeted on April 8th that he seemed to have lost $800,000 due to two Chrome extensions. The incident unfolded as follows.
All wallet extensions logged out
@sell9000 had manually postponed Chrome browser updates multiple times. However, a Windows update required him to restart his computer and browser. After restarting and updating Chrome, he discovered that all tab history was gone and his extensions were logged out.
This led him to re-import the mnemonic phrases for wallet applications such as MetaMask. After he imported them, however, the crypto assets in the wallets were gradually transferred out over a period of about three weeks, resulting in a total loss of approximately $800,000.
He emphasized that he imported the mnemonic phrases from another clean and secure computer, and the virus scanning program showed no issues.
Keyboard logger disguised as a Chrome extension
Preliminary investigations revealed two suspicious Chrome extensions: “Sync test beta” and “Simple Game.” Additionally, Korean automatic translation settings were enabled in Chrome.
“Sync test beta” was confirmed to be a keyboard logger, while “Simple Game” appeared to monitor tab activity and communicate with PHP scripts on external websites.
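The behaviours described above (capturing input on any page, watching tabs, talking to an external site) each require capabilities that an extension must declare in its manifest.json. The following is an added example, not code from the article or from the affected user: a small audit that walks a Chrome profile's Extensions folder and lists the extensions declaring those capabilities. The sample manifests, their names and the host collector.example are constructed for illustration and are not the extensions from this incident.

```python
import json
import sys
from pathlib import Path

# Match patterns that let an extension run on, or reach, every site.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Return findings for one parsed manifest.json (capabilities, not proof of malice)."""
    findings = []
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    hosts = set(manifest.get("host_permissions", [])) | perms  # MV3 field plus MV2 style
    # A content script on every page can observe what is typed into any form.
    for cs in manifest.get("content_scripts", []):
        if BROAD & set(cs.get("matches", [])):
            findings.append("content script on all sites: " + ", ".join(cs.get("js", [])))
    if "tabs" in perms:
        findings.append("can read URL/title of every tab ('tabs')")
    if BROAD & hosts:
        findings.append("host access to all sites")
    # Specific external hosts the extension is allowed to talk to.
    remote = sorted(h for h in hosts if "://" in h and h not in BROAD)
    if remote:
        findings.append("declared remote hosts: " + ", ".join(remote))
    return findings

def scan_extensions(root):
    """Audit every <root>/<extension id>/<version>/manifest.json."""
    report = {}
    for path in sorted(Path(root).glob("*/*/manifest.json")):
        manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        findings = audit_manifest(manifest)
        if findings:
            report[path.parent.parent.name] = (manifest.get("name", "?"), findings)
    return report

# Constructed sample manifests (not the real extensions from the incident).
SAMPLE_KEY_CAPTURE = {"manifest_version": 3, "name": "constructed-sample-a",
                      "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}]}
SAMPLE_TAB_MONITOR = {"manifest_version": 3, "name": "constructed-sample-b",
                      "permissions": ["tabs"],
                      "host_permissions": ["https://collector.example/*"]}
SAMPLE_BENIGN = {"manifest_version": 3, "name": "constructed-sample-c",
                 "permissions": ["storage"]}

if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python audit.py "<Chrome profile>/Extensions"
    for ext_id, (name, findings) in scan_extensions(sys.argv[1]).items():
        print(ext_id, name, *findings, sep="\n  ")
```

Many legitimate extensions declare the same permissions, so the output is a shortlist to compare against what the user remembers installing, not a verdict.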
Regarding this security incident, user @sell9000 urged:
This is an $800,000 mistake. The lesson I learned is that if anything seems off and your computer asks you to enter mnemonic phrases, format and reset the entire computer first.
He suspected that the abnormal restart event on that particular computer was what led to its compromise. The attacker has since transferred the funds to the exchanges MEXC and Gate.io, and it seems that no cybersecurity institution has intervened to assist.