Recently, an anonymous cryptocurrency investor known as “Sell When Over” shared a troubling experience on a cryptocurrency platform. The investor disclosed that they had incurred a staggering loss of $800,000. This loss was attributed to the presence of two suspicious Google Chrome browser extensions that infiltrated their system.
Upon closer examination, it was revealed that the investor had initially noticed a loss of $500,000 from their various wallet applications. They suspected that their system had been compromised through malicious extensions that appeared on their Chrome browser. These extensions led to the subsequent loss of an additional $300,000, bringing the total loss to $800,000.
The victim suspected that a keylogger was involved in targeting specific cryptocurrency wallet extensions. The compromised Chrome browser, coupled with the suspicious extensions, facilitated the theft of sensitive information such as seed phrases and login credentials. Despite no immediate abnormal behavior after a system restart, the damage had already been done.
Investigation revealed two suspicious extensions named “Sync test beta” and “Simple Game,” along with an auto Korean translation setting enabled in Chrome. The “Sync test beta” extension was identified as a keylogger, while “Simple Game” was found to monitor tab activities and communicate with an external site’s PHP script.
In light of this costly mistake, the trader emphasized the importance of vigilance and caution when encountering any suspicious activities on their system. They advised others to err on the side of caution and immediately wipe their PC if prompted to input sensitive information such as seed phrases. The trader acknowledged that their complacency, combined with a major Chrome update, had contributed to their vulnerability.
Following the investigation, it was discovered that the attackers had transferred the stolen funds to two cryptocurrency exchanges: MEXC in Singapore, and Gate.io in the Cayman Islands. This transfer highlighted the severity of the breach and the challenges faced in recovering the lost funds.
The experience of the cryptocurrency investor serves as a cautionary tale for all individuals engaged in digital asset management. It underscores the importance of maintaining robust cybersecurity measures, staying vigilant against potential threats, and taking immediate action upon detecting any suspicious activities.