Chrome Extension Breach Exposes Crypto Wallets to Theft, Experts Warn

Malicious Update in SwitchyOmega Steals Private Keys
Researchers at SlowMist have uncovered a breach of the popular Chrome proxy extension SwitchyOmega that has been used to steal crypto wallet private keys. Over 500,000 users may have unknowingly installed the compromised version, putting their digital holdings at risk.
Phishing Attack Led to Extension Compromise
The attack began with a phishing email sent to one of Cyberhaven’s employees. The attackers impersonated the victim to obtain OAuth access to the Cyberhaven account, through which they could upload a fake version (24.10.4) of SwitchyOmega.
The phishing notification was deceptive, stating that Cyberhaven’s browser extension violated Google’s guidelines and would be taken down unless swift action was taken. This social engineering tactic allowed the hackers to inject malicious code into the extension.
Private Keys and Wallets at Risk
The hacked extension allegedly steals sensitive data such as private keys and mnemonic sentences for crypto wallets, but the scope of the compromise is not yet clear. Security researchers warn affected users to verify their extension’s ID to ensure they are using the actual version.
Growing Dangers from Browser-Based Attacks
This attack underscores the increasing danger that browser extension attacks pose to the crypto community. In September 2024, Group-IB, a cybersecurity firm, revealed that the North Korean hacker group Lazarus was expanding its cyberattacks by targeting crypto experts and developers via fake video apps and browser extensions.
How to Stay Safe
Experts recommend that users:
- Occasionally check and verify that installed browser extensions are authentic.
- Turn off automatic updates for high-risk extensions.
- Use hardware wallets to hold crypto offline in order to prevent online exposure.
- Avoid phishing scams that target security software accounts.
The recent hack is a reminder to be more vigilant when using third-party browser extensions, particularly for crypto business.
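One way to carry out the extension-ID check recommended above, as an added example (not code from SlowMist or from this article): it walks a Chrome profile's Extensions directory and flags any extension named SwitchyOmega whose ID differs from the expected one or whose version is the 24.10.4 reported here. The expected ID is a placeholder, and the on-disk layout and the name match are assumptions about a typical Chrome install.

```python
import json
from pathlib import Path

# Assumed inputs, not from the article: the ID below is a placeholder. Copy the
# real 32-character ID from the extension's official store listing.
EXPECTED_IDS = {"switchyomega": "a" * 32}
FLAGGED_VERSIONS = {"24.10.4"}  # version number the article reports as malicious


def display_name(ext_dir, manifest):
    """Resolve localized names such as "__MSG_appName__" via _locales."""
    name = manifest.get("name", "")
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[6:-2].lower()
    locale = manifest.get("default_locale", "en")
    try:
        path = ext_dir / "_locales" / locale / "messages.json"
        messages = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return name
    for k, v in messages.items():
        if k.lower() == key:  # message keys are matched case-insensitively
            return v.get("message", name)
    return name


def audit_extensions(ext_root, expected_ids=EXPECTED_IDS, flagged=FLAGGED_VERSIONS):
    """Scan <ext_root>/<id>/<version>_N/manifest.json and return findings."""
    findings = []
    for mf in sorted(Path(ext_root).glob("*/*/manifest.json")):
        ext_id = mf.parent.parent.name  # the directory name is the extension ID
        try:
            manifest = json.loads(mf.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            findings.append((ext_id, "?", "?", "unreadable manifest"))
            continue
        name = display_name(mf.parent, manifest)
        version = manifest.get("version", "?")
        for fragment, good_id in expected_ids.items():
            if fragment not in name.lower():
                continue
            if ext_id != good_id:
                findings.append((ext_id, name, version, "ID does not match official listing"))
            if version in flagged:
                findings.append((ext_id, name, version, "version reported as malicious"))
    return findings
```

Call `audit_extensions()` with the path to the profile's `Extensions` folder; an empty list means nothing matched either rule.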