Currencies32919
Market Cap$ 2.60T-5.71%
24h Spot Volume$ 128.18B+146.2%
DominanceBTC59.42%+0.61%ETH7.14%-6.37%
ETH Gas2.69 Gwei
Cryptorank
MainNewsChrome Exten...

Chrome Extension Breach Exposes Crypto Wallets to Theft, Experts Warn


Mar, 12, 2025
1 min read
by Chiwuike Owunwa
for BTC-Pulse
A user browsing the Chrome Web Store with a warning sign indicating a compromised browser extension.

Malicious Update in SwitchyOmega Stolen Private Keys

Researchers at SlowMist have uncovered a breach within the popular Chrome proxy extension SwitchyOmega that has been utilized to steal crypto wallet private keys. Over 500,000 users may have unknowingly installed the compromised version, compromising their digital holdings.

Phishing Attack Led to Extension Compromise

The attack began when there was a phishing email that went to one of Cyberhaven’s employees. The attackers had impersonated the victim in order to grant OAuth access to the Cyberhaven account, through which they could upload a false version (24.10.4) of SwitchyOmega.

The phishing notification was deceptive, stating that Cyberhaven’s browser extension violated Google’s guidelines and would be taken down unless swift action was initiated. The social engineering tactic allowed hackers to inject malicious code into the extension.

Private Keys and Wallets at Risk

The hacked extension allegedly steals sensitive data like private keys and mnemonic sentences for crypto wallets. But the scope of the compromise is not yet clear. Affected users are warned by security researchers to verify their extension’s ID to ensure they are using the actual version.

Growing Dangers from Browser-Based Attacks

This attack underscores the increasing danger of browser extension attacks to the crypto community. In September 2024, Group-IB, a cybersecurity firm, revealed that North Korean hacker group Lazarus was expanding its cyberattacks by targeting crypto experts and developers via fake video apps and browser extensions.

How to Stay Safe

Experts recommend users:

  • Occasionally check and verify installed browser extensions are authentic.
  • Turn off automatic updates for high-risk extensions.
  • Use hardware wallets to hold crypto offline in order to prevent online exposure.
  • Avoid phishing scams that target security software accounts.

The recent hack serves as a reminder of the need to be more vigilant when using third-party browser extensions, particularly for crypto business.

Read the article at BTC-Pulse

Read More

US Federal Agencies Must Report Crypto Holdings to Treasury by April 7

US Federal Agencies Must Report Crypto Holdings to Treasury by April 7

US agencies must report crypto holdings to Treasury by April 7 per Trump's order—but ...
Apr, 07, 2025
1 min read
by BTC-Pulse
Hong Kong Unveils Crypto Staking Rules, Reinforces Web3 Commitment

Hong Kong Unveils Crypto Staking Rules, Reinforces Web3 Commitment

Hong Kong's SFC unveils staking rules for crypto firms and funds, advancing Web3 whil...
Apr, 07, 2025
2 min read
by BTC-Pulse
MainNewsChrome Exten...

Chrome Extension Breach Exposes Crypto Wallets to Theft, Experts Warn


Mar, 12, 2025
1 min read
by Chiwuike Owunwa
for BTC-Pulse
A user browsing the Chrome Web Store with a warning sign indicating a compromised browser extension.

Malicious Update in SwitchyOmega Stolen Private Keys

Researchers at SlowMist have uncovered a breach within the popular Chrome proxy extension SwitchyOmega that has been utilized to steal crypto wallet private keys. Over 500,000 users may have unknowingly installed the compromised version, compromising their digital holdings.

Phishing Attack Led to Extension Compromise

The attack began when there was a phishing email that went to one of Cyberhaven’s employees. The attackers had impersonated the victim in order to grant OAuth access to the Cyberhaven account, through which they could upload a false version (24.10.4) of SwitchyOmega.

The phishing notification was deceptive, stating that Cyberhaven’s browser extension violated Google’s guidelines and would be taken down unless swift action was initiated. The social engineering tactic allowed hackers to inject malicious code into the extension.

Private Keys and Wallets at Risk

The hacked extension allegedly steals sensitive data like private keys and mnemonic sentences for crypto wallets. But the scope of the compromise is not yet clear. Affected users are warned by security researchers to verify their extension’s ID to ensure they are using the actual version.

Growing Dangers from Browser-Based Attacks

This attack underscores the increasing danger of browser extension attacks to the crypto community. In September 2024, Group-IB, a cybersecurity firm, revealed that North Korean hacker group Lazarus was expanding its cyberattacks by targeting crypto experts and developers via fake video apps and browser extensions.

How to Stay Safe

Experts recommend users:

  • Occasionally check and verify installed browser extensions are authentic.
  • Turn off automatic updates for high-risk extensions.
  • Use hardware wallets to hold crypto offline in order to prevent online exposure.
  • Avoid phishing scams that target security software accounts.

The recent hack serves as a reminder of the need to be more vigilant when using third-party browser extensions, particularly for crypto business.

Read the article at BTC-Pulse

Read More

US Federal Agencies Must Report Crypto Holdings to Treasury by April 7

US Federal Agencies Must Report Crypto Holdings to Treasury by April 7

US agencies must report crypto holdings to Treasury by April 7 per Trump's order—but ...
Apr, 07, 2025
1 min read
by BTC-Pulse
Hong Kong Unveils Crypto Staking Rules, Reinforces Web3 Commitment

Hong Kong Unveils Crypto Staking Rules, Reinforces Web3 Commitment

Hong Kong's SFC unveils staking rules for crypto firms and funds, advancing Web3 whil...
Apr, 07, 2025
2 min read
by BTC-Pulse