Google extension implanted with "keylogger," users lose $800,000 in cryptocurrency

Twitter user @sell9000 tweeted on April 8 that he appeared to have lost $800,000 because of two Chrome extensions. The incident unfolded as follows.

Wallet Extension Applications Logged Out

@sell9000 had previously been manually postponing Chrome updates, but a Windows update required him to restart his computer and browser. After Chrome restarted and updated, all of his tab history had disappeared and his wallet extensions had been logged out.

This forced him to re-import the mnemonic phrases for wallets such as MetaMask. After the import, his crypto assets were gradually transferred out over a period of about three weeks, for a total loss of approximately $800,000.

He emphasized that he imported the mnemonic phrases from another clean and secure computer, and virus scans showed no issues.

Keylogger Disguised as Chrome Extension

Upon preliminary investigation, he discovered two suspicious Chrome extensions, "Sync test beta" and "Simple Game," as well as Korean automatic translation settings enabled in Chrome.

"Sync test beta" was confirmed to be a keylogger, while "Simple Game" appeared to monitor page activities and communicate with PHP scripts on external websites.
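A check a defender could run against a Chrome profile after finding unfamiliar extensions like these, given here as an added example that is not from the original article or from @sell9000. It assumes, which the article does not state, that an extension capturing keystrokes or watching page activity needs page access on every site, and it reports extensions whose manifest requests that; the two manifests in `build_sample` are constructed, not real extensions.

```python
import json
import tempfile
from pathlib import Path

# Match patterns that let an extension run on, or read, every site.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_extensions(ext_root):
    """Return one finding per installed extension version with broad page access."""
    findings = []
    # Chrome profile layout: Extensions/<extension id>/<version>/manifest.json
    for manifest_path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        reasons = []
        for script in manifest.get("content_scripts", []):
            if BROAD & set(script.get("matches", [])):
                reasons.append("content script injected into all pages")
                break
        # Manifest V2 lists host patterns under "permissions"; V3 uses "host_permissions".
        hosts = manifest.get("permissions", []) + manifest.get("host_permissions", [])
        if BROAD & {h for h in hosts if isinstance(h, str)}:
            reasons.append("host access to all sites")
        if reasons:
            findings.append({
                "id": manifest_path.parts[-3],
                "name": manifest.get("name", "?"),
                "reasons": reasons,
            })
    return findings

def build_sample(root):
    """Write two constructed manifests (not real extensions) for the demo."""
    samples = {
        "a" * 32: {"name": "Constructed narrow", "manifest_version": 3,
                   "content_scripts": [{"matches": ["https://example.com/*"], "js": ["c.js"]}]},
        "b" * 32: {"name": "Constructed broad", "manifest_version": 3,
                   "host_permissions": ["<all_urls>"],
                   "content_scripts": [{"matches": ["<all_urls>"], "js": ["c.js"]}]},
    }
    for ext_id, manifest in samples.items():
        ext_dir = Path(root) / ext_id / "1.0_0"
        ext_dir.mkdir(parents=True)
        (ext_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for f in audit_extensions(tmp):
            print(f["id"], f["name"], "; ".join(f["reasons"]))
```

To audit a real profile, pass the profile's `Extensions` directory to `audit_extensions`. Many legitimate extensions also request broad access, so a finding is a prompt to confirm the extension is one the user installed, not proof of compromise.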

Regarding this cybersecurity incident, @sell9000 urged:

"This is an $800,000 mistake. My lesson learned is: if anything seems off and then your computer asks you for a mnemonic phrase, then format the entire computer and reset."

He suspected that an abnormal Chrome restart event on a specific computer led to the attack. The attacker has already transferred the funds to the exchanges MEXC and Gate.io, and it appears that no cybersecurity agency has intervened to assist.