Attack of the Browser Extensions

Throughout the past decade in crypto, there have been various ways thieves have successfully stolen millions worth of tokens. While security and safe practices have been steadily improving, so have the creative ways bad actors use to gain access to your wallets and your hard-earned money.

Hard Wallet Seed Phrase Stolen by Malware

Just yesterday, a twitter user, WizardofAus (@BTCchellingPt), reported that a Chrome extension called Ledger Secure contained malware that had successfully gained access to and forwarded his Ledger wallet seed phrase to its developer. He lost 600 ZEC tokens, worth around $16,000 at the time of this writing.

Ledger’s support twitter account (@Ledger_Support) has also released a notice warning their customers about Ledger Secure and how it is not an official Ledger product. They also provided links to help those who may have accidentally installed it and also how to report the malicious extension.

Moving Forward

In light of this recent phishing scam, all of us here on the CoolWallet S team would like to urge everyone to not install any browser extensions or any other application that may have access to any files or documents on your computers, smartphones or tablet devices. Popular browsers such as Chrome, Firefox and Safari have gone through great lengths to prevent users from sideloading unofficial extensions and plugins to their browsers for this very reason. We also recommend to not keep a digital copy of your seed phrases. They're safest when written on a piece of paper and stored in a safe place. Let’s all learn from each others’ mistakes and not let this little setback define the new year. Stay safe out there!!