With time, as the crypto industry evolves, so does all of the sectors associated with it – including the cybercriminals and how they develop new ways to target the funds of crypto users. Unclear regulations and lack of awareness have helped scammers and fraudsters prey on the unaware.
The latest Cryptocurrency Anti-Money Laundering (AML) report has revealed that the first six months have seen $4.26 billion lost to thefts, scams, and Ponzi schemes.
Google Chrome unsafe
Now a medium post from the director of security at wallet provider MyCrypto, Harry Denley, exposes multiple fake Wallet extensions available on the Google Chrome web store. So far Google has removed 49 such extensions that were designed to look like popular crypto wallets Trezor.
These extensions are just a new tool used by hackers for phishing. These malicious extensions have the ability to record personal information like private keys, passwords, Keystore files, and other sensitive data, and send it to the hacker who can utilize this information to steal funds.
The fake extensions that have been identified till date have claimed to represent major names like Ledger, Trezor, Jaxx, Electrum, MyEtherWallet, MetaMask, Exodus, and KeepKey. Denley has reportedly sent some test amounts of crypto to these extensions, but these have not been picked up. Hence, Denley believes that the wallets either need to be manually emptied, or the hackers are only looking to target substantial amounts of funds.
Denley notes that most of these malicious applications on the chrome web store had been rated with great reviews, written in extremely simple terms like “good,” “helpful app,” or “legit extension.” He added that the admin email of one such extension was Russian, indicating that the hacked could be based in Russia.
The report also notes that the majority of the malicious extensions pretended to be hardware wallet giant Ledger. While there’s no connection as to why Ledger is being chosen here, but it could very well do with the company’s reputation, considering it is the market leader. The second spot belongs to MyEtherWallet, which was 22% of fake extensions.
Denley further told media outlet Coindesk:
“Most of the malicious extensions had the same structure and same files which could be analysed. The only way I can think of limiting the victim pool is by education and normalising the behaviour of not entering raw secrets into [user interfaces].”
Lack of awareness = Loss of funds
It is quite evident that the lack of awareness and carelessness while securing one’s digital assets is the primary reason why users fall for these. In this digital era, one must always take proper precautions especially when it’s about money. The Cryptocurrency industry is still flawed and has a long way to go before we achieve mainstream adoption.
As previously reported by The Daily Chain, Scammers have even targeted users on popular dating application Tinder. Users have mentioned that Asian girls, or profiles pretending to be Asian girls who are interested in cryptocurrencies, have tried to match with crypto enthusiasts in order to dupe them.
Hence it is advised that one must always conduct thorough research while dealing with anything related to cryptocurrencies. Here are 8 things you can do to stay safe.