On-chain Data: Multiple CEX users' deposit and withdrawal addresses replaced by hackers through malicious script injection
Blockchain data researcher X-explore revealed that many users' deposit and withdrawal addresses on centralized cryptocurrency exchanges (CEX) have been replaced by hackers with other addresses. Since June 2022, this incident has occurred hundreds of times, affecting over ten CEXs.
Browser Extension Malware Causes Havoc, Hackers Profit Over $7,000
X-explore issued a warning on Twitter yesterday (8) that hackers have been using malicious browser extensions installed by users to replace the withdrawal and deposit addresses shown to CEX users on exchange websites with the hackers' own wallet addresses. Affected exchanges include Binance, Stake, and dozens of other CEX platforms.
Analysis shows that most of the attacks occurred on the XRP chain, starting in June last year and continuing across various CEX platforms and users, totaling 142 attacks and resulting in a loss of 14,361 XRP tokens (approximately $7,600 at current value).
How to Prevent Hacker Attacks
To prevent malicious cyber attacks, X-explore advises users not to download or install unfamiliar browser extensions and software. Users should identify the developers of the software and understand what permissions they are granting on their devices.
Furthermore, when withdrawing or depositing funds, users should carefully check the withdrawal and deposit addresses displayed in official emails to ensure accuracy before proceeding with the transactions.
Lastly, users are reminded not to deposit large amounts of assets in a single exchange at once and should diversify their risks.
X-explore also urges all exchanges to regularly review the security of their API systems.
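One way to act on the advice to understand what an extension is allowed to do, as an added example that is not from X-explore or the original article: the Python sketch below reads Chrome extension `manifest.json` files and reports which ones can read or modify pages on a watch list of exchange sites. The watch list, the sample manifest and the function names are assumptions made for illustration.

```python
import json
from pathlib import Path

WATCHED_HOSTS = ["www.binance.com", "stake.com"]  # assumption: sites you use
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def covers(pattern, host):
    """True if a Chrome match pattern applies to pages on `host`."""
    if pattern in BROAD:
        return True
    if "://" not in pattern:          # API permission such as "storage"
        return False
    p = pattern.split("://", 1)[1].split("/", 1)[0]
    if p == "*":
        return True
    if p.startswith("*."):            # wildcard subdomain pattern
        return host == p[2:] or host.endswith(p[1:])
    return p == host

def audit_manifest(manifest, hosts=WATCHED_HOSTS):
    """List (host, manifest key, pattern) where the extension can touch the page."""
    grants = []
    for cs in manifest.get("content_scripts", []):
        grants += [("content_scripts", m) for m in cs.get("matches", [])]
    for key in ("host_permissions", "permissions"):   # MV3 and MV2 locations
        grants += [(key, p) for p in manifest.get(key, []) if isinstance(p, str)]
    return sorted({(h, k, p) for k, p in grants for h in hosts if covers(p, h)})

def audit_extensions_dir(ext_dir, hosts=WATCHED_HOSTS):
    """Audit every <id>/<version>/manifest.json under a profile's Extensions dir."""
    report = {}
    for path in Path(ext_dir).glob("*/*/manifest.json"):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):  # unreadable or non-strict JSON: skip
            continue
        findings = audit_manifest(manifest, hosts)
        if findings:
            report[path.parent.parent.name] = findings
    return report

# Constructed manifest for illustration, not taken from a real extension.
SAMPLE = {
    "name": "Sheets Helper", "manifest_version": 3,
    "permissions": ["storage"],
    "host_permissions": ["https://*.binance.com/*"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}],
}

if __name__ == "__main__":
    for host, key, pattern in audit_manifest(SAMPLE):
        print(f"{host}: reachable via {key} pattern {pattern}")
```

A finding means the extension is able to alter what the exchange page displays, not that it does so; optional permissions requested at runtime are not covered by this check.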
During Bear Markets, Making Money Isn't Just About Shorting, Hackers Are Also Involved
Despite the bear market, scams, phishing, and malicious attacks continue to proliferate. They range from deploying applications with malicious programs through Google extension functions, to sending emails disguised as official company communications containing stolen private keys or asset addresses, to directly targeting smart contracts on blockchain networks for theft.
Previously, there have been instances of fake Google Sheets extensions posing as legitimate "Google sheet" web applications. The difference between the real Google Sheets and the fake ones lies only in slight variations in names and logos, making it easy to overlook without careful scrutiny.
This malicious extension also modifies website content to replace users' deposit addresses with the developer's own address.
In May of this year, Meta highlighted in its first-quarter security report the discovery of dozens of pieces of malicious software related to ChatGPT, with the numbers continuing to rise significantly.
Most of these falsely claim to provide auxiliary tools for ChatGPT, but in reality, they attempt to invade users' electronic devices.