Chrome extension compromise puts crypto wallets at risk, analysts warn

The researchers discovered a violation in a widely used chrome extension switch that exposes users to the flight of private key.

A compromise version of the Chrome -based proxy switching switching stolen private keys in cryptographic wallets, putting more than 500,000 risk users, Slowmist analysts warn.

The breach began when a phishing email targeted an employee of Cyberhaven, a data security company supplied by the AI, resulting in the injection of harmful code in the extension. Phishing email falsely claimed that the extension of the Cyberhaven browser had violated GooglePolicies and threaten withdrawal unless immediate measures are taken on March 12 research report shows.

Slowmist explained that the striker used Oauth to access the Cyberhaven account, allowing them to download the compromised extension version (24.10.4). As the extension has been updated, users have unconsciously installed the malicious code.

The malicious version of the extension seems to have been able to steal sensitive data, including private keys and mnemonic phrases of cryptographic wallets. We still do not know how many 500,000 affected users have been exposed to the feat. Slowmist analysts advised users to check the extension IDs installed to ensure that they correspond to the official version.

Attacks on crypto traders through browser extensions are not new players who have been trying to exploit them for some time now.

In September 2024, analysts of the Cybersecurity Company Group-IB revealed The fact that the famous group of north-Korean piracy gangs Lazarus, known for its sophisticated cyber campaigns against cryptographic industry, intensified its efforts to target cryptography professionals and developers thanks to false video applications and expanding its targeting of browser extensions.