In February, a Binance trader by the handle “doomxbt” uncovered a significant issue when they observed losses amounting to $70,000 due to suspicious activity. The attacker had deposited these stolen funds into SideShift, a crypto exchange driven by artificial intelligence.
It was revealed this week that the culprit might be identified, thanks to a phony Aggr app extension that was sold on the Google Chrome store. The fake Aggr software was made to collect all website cookies from users, in contrast to the real Aggr app, which provides expert trading tools, including on-chain liquidation trackers. This made it possible for hackers to recover access keys and passwords, especially for accounts on Binance.
Following its listing on the Chrome Store, the hackers launched a vigorous social media campaign to drive downloads of this fake Aggr app. They used a network of influencers, a strategy known as “shilling,” to advertise the dangerous software. The influencers convinced consumers that the product was necessary by flooding social-media feeds with trading lingo.
In this situation, the influencers seemingly disregarded the well-known crypto mantra “do your own research” (DYOR). It remains unclear whether the promoters were aware that the fake Aggr app compromised user security or if they were simply profiting from the attack.
The recent episode is part of a broader pattern of comparable attacks that make use of Chrome extensions. For example, another trader lost more than $800,000 in crypto last month as a result of utilizing two rogue Chrome browser extensions. The extensions, named Simple Game and Sync test BETA (colorful), were suspected to contain keyloggers intended to target wallet extension apps. A keylogger is a kind of malicious software that tracks every keystroke a user makes so the person who installed it may access the data.
The problem arose after a Chrome update forced the user to log out of all their tabs and extensions. After a Windows update caused the system to restart, the user unintentionally exposed their data by reentering their credentials, which included seed phrases for crypto wallets.
Afterward, funds were transmitted to the Gate.io and MEXC exchanges using the malicious extension. Investigations showed that Simple Game monitored tab activity, while Sync test BETA (colorful) was the keylogger that transferred data to an external PHP script. The harmful nature of the extensions was eventually detected by the user, despite the browser appearing to be functioning normally.
These incidents highlight the persistent threat posed by rogue Chrome extensions in the digital asset world. Users are strongly advised to practice DYOR and thoroughly verify any application before downloading it to better protect themselves from such cyber threats.
Major entities such as Coinbase Global Inc. (NASDAQ: COIN) in the crypto industry are likely to keep monitoring how hackers evolve and also update their security systems to adapt to those evolving threats.
About CryptoCurrencyWire
CryptoCurrencyWire (“CCW”) is a specialized communications platform with a focus on blockchain and the cryptocurrency sector. It is one of 60+ brands within the Dynamic Brand Portfolio @ IBN that delivers: (1) access to a vast network of wire solutions via InvestorWire to efficiently and effectively reach a myriad of target markets, demographics and diverse industries; (2) article and editorial syndication to 5,000+ outlets; (3) enhanced press release enhancement to ensure maximum impact; (4) social media distribution via IBN to millions of social media followers; and (5) a full array of tailored corporate communications solutions. With broad reach and a seasoned team of contributing journalists and writers, CCW is uniquely positioned to best serve private and public companies that want to reach a wide audience of investors, influencers, consumers, journalists and the general public. By cutting through the overload of information in today’s market, CCW brings its clients unparalleled recognition and brand awareness. CCW is where breaking news, insightful content and actionable information converge.
To receive SMS alerts from CryptoCurrencyWire, text “CRYPTO” to 888-902-4192 (U.S. Mobile Phones Only)
For more information, please visit https://www.CryptoCurrencyWire.com
Please see full terms of use and disclaimers on the CryptoCurrencyWire website applicable to all content provided by CCW, wherever published or re-published: https://www.CryptoCurrencyWire.com/Disclaimer
CryptoCurrencyWire
New York, NY
www.CryptoCurrencyWire.com
212.994.9818 Office
Editor@CryptoCurrencyWire.com
CryptoCurrencyWire is powered by IBN