A cryptocurrency investor known as “Sell When Over” recently revealed a substantial loss of $800,000 resulting from two suspicious Google Chrome browser extensions. The investor initially detected a loss of $500,000 from various wallet applications and suspected that they were targeted via an extension attack.
Compromise Investigation
Upon further investigation, the victim discovered that their Chrome browser had been compromised, potentially through a keylogger that targeted specific crypto wallet extensions. The trader had delayed updating Google Chrome for several weeks, but a mandatory Windows update eventually forced a system restart. After relaunching Chrome, all tabs were missing, and extension logins had been reset.
The victim identified two suspicious extensions, namely “Sync test beta” and “Simple Game,” along with an auto Korean translation setting enabled in Chrome. The “Sync test BETA” extension was confirmed to be a keylogger, while “Simple Game” appeared to monitor tab activities and communicate with an external site’s PHP script.
Consequences and Lessons Learned
The investor expressed regret over the $800,000 loss due to the malicious extensions, emphasizing the importance of taking immediate action if anything appears suspicious. They advised others to wipe their entire PC if prompted to input sensitive information like seed phrases. The trader admitted that their guard was down during the incident, as they attributed the extension reset and tab loss to a major Chrome update.
Subsequent to the attack, the perpetrators reportedly transferred the stolen funds to two exchanges, MEXC in Singapore, and Gate.io in the Cayman Islands. The investigation into the incident is ongoing, and efforts are being made to identify and apprehend the culprits responsible for the significant financial loss.
The case of the investor losing $800,000 due to malicious Chrome extensions serves as a stark reminder of the potential security risks associated with using browser extensions, especially in the realm of cryptocurrency investment. It underscores the importance of remaining vigilant, keeping software up to date, and promptly addressing any unusual activity to prevent such devastating financial losses in the future.