In a shocking turn of events, an anonymous cryptocurrency investor known as “Sell When Over” on X recently reported a staggering loss of $800,000 due to the presence of two suspicious Google Chrome browser extensions. The investor initially voiced their concerns on X, disclosing that they had noticed a loss of $500,000 across multiple wallet applications. This discovery prompted them to suspect that they had fallen victim to an extension attack, noting the appearance of two questionable extensions on their Chrome browser.
Upon further investigation, it was revealed that the extent of the compromise was far more severe than initially anticipated, totaling a loss of $800,000. The investor suspected that their Google Chrome browser had been compromised, potentially by a keylogger targeting specific cryptocurrency wallet extensions. Prior to the incident, the trader had repeatedly delayed an update for Google Chrome, only to be forced into a system restart by a mandatory Windows update. Upon reopening Chrome, they noticed that all tabs had disappeared, and extension logins had been reset.
In the aftermath of the attack, the investor was compelled to re-enter all their credentials on Chrome and manually import seed phrases for their cryptocurrency wallets from a separate secure device. Despite observing no abnormal behavior in their browser post-restart and receiving no warnings from their virus scanner, the investor identified two suspicious extensions – “Sync test beta” and “Simple Game” – as well as an auto Korean translation setting enabled in Chrome. They confirmed that “Sync test BETA” was indeed a keylogger, while “Simple Game” appeared to monitor tab activities and communicate with an external site’s PHP script.
Reflecting on the costly mistake that resulted in an $800,000 loss, the trader emphasized the importance of vigilance when dealing with cryptocurrency and browser extensions. They advised others to err on the side of caution and immediately wipe their entire PC if anything seems amiss, especially if prompted to input a seed. The investor admitted that their guard had been down due to the coinciding major Chrome update, which led them to believe that the extension reset and tab loss were related to this update. As of the latest update, the attackers had reportedly transferred the funds to two exchanges: MEXC in Singapore and Gate.io in the Cayman Islands.
Overall, this unfortunate incident serves as a stark reminder of the risks associated with cryptocurrency investments and the importance of maintaining a secure browsing environment to safeguard sensitive financial information.
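The behaviours reported for the two extensions (capturing typed input, watching tab activity, sending data to an external site) all depend on permissions declared in each extension's `manifest.json`, so an installed profile can be audited for them. The sketch below is an added example, not code from the investor or from this article; the function names, extension ids and sample manifests are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
TAB_APIS = {"tabs", "webNavigation"}

def audit_manifest(manifest):
    """Return the reasons this manifest deserves manual review."""
    findings = []
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    hosts = perms | set(manifest.get("host_permissions", []))  # MV2 | MV3
    scripts = manifest.get("content_scripts", [])
    if any(BROAD & set(s.get("matches", [])) for s in scripts):
        findings.append("content script on every page (can read typed input)")
    if TAB_APIS & perms:
        findings.append("can observe tab URLs and navigation")
    if BROAD & hosts:
        findings.append("host access to all sites")
    return findings

def audit_profile(extensions_dir):
    """Walk <profile>/Extensions/<id>/<version>/manifest.json."""
    report = {}
    for path in sorted(extensions_dir.glob("*/*/manifest.json")):
        manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        findings = audit_manifest(manifest)
        if findings:
            report[path.parent.parent.name] = (manifest.get("name", "?"), findings)
    return report

def build_sample(root):
    """Constructed sample profile: one narrow extension, one broad one."""
    samples = {
        "aaaa": {"name": "Narrow sample", "permissions": ["storage"]},
        "bbbb": {"name": "Broad sample", "permissions": ["tabs"],
                 "host_permissions": ["<all_urls>"],
                 "content_scripts": [{"matches": ["<all_urls>"], "js": ["c.js"]}]},
    }
    for ext_id, manifest in samples.items():
        folder = root / "Extensions" / ext_id / "1.0_0"
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root / "Extensions"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, (name, why) in audit_profile(build_sample(Path(tmp))).items():
            print(ext_id, name, "->", "; ".join(why))
```

To check a real profile, pass its `Extensions` folder to `audit_profile` (on Windows, typically `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions`). Many legitimate extensions request the same permissions, so a finding is a prompt to verify that the extension is one you installed, not proof of compromise.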