Chrome Add-on Steals Bitcoin With Social Engineering, QR Codes Vulnerable

Chrome Add-on Steals Bitcoin With Social Engineering, QR Codes Vulnerable

12 March 2016 – A popular browser plugin for Chrome was found to be surreptitiously stealing Bitcoin from its users today. The add-on’s exploit was discovered by the people at Bitstamp, and confirmed by developer Devon Weller. Bitstamp followed the discovery with an announcement on Twitter warning users to uninstall the plugin and let other’s know about its malicious code. The add-on is called “BitcoinWisdom Ads Remover” and it marks the first serious Bitcoin exchange security breach that doesn’t rely on targeting the central service as a point of failure.


Related News

Chrome Extension Could Be Vulnerable to Cryptocurrency Malware

A browser extension for Google Chrome is reportedly capable of stealing bitcoin and other altcoins from its users. Called the 'Cryptsy Dogecoin (DOGE) Live Ticker' in the Chrome Web Store, the extension is susceptible to updates that begin monitoring visits to cryptocurrency exchanges and wallet sites. A representative from Cryptsy has told CoinDesk that the exchange is not affiliated with the extension in any way. The warning about the extension was posted on reddit, along with the following advice: "Be careful of what you install on your devices you use to access your wallets." How it....

Bitstamp Uncovers Bitcoin-Stealing Chrome Extension

The Slovenia-based Bitcoin trading platform, Bitstamp, revealed in a Tweet that it had uncovered a Google Chrome extension that replaced all QR codes. It linked to Bitcoin addresses and then linked to the thief’s wallet. This is not the first time criminals have attempted to steal Bitcoin via Google Chrome extensions. Malicious Extension. On March 11, Bitstamp released a Tweet that said it had discovered a Google Chrome extension called ‘BitcoinWisdom Ads Remover’ that “will try to steal your Bitcoin”: Members of the Bitcoin community were quick to investigate the claims, with Devon....

KryptoKit False Alarm Reveals Chrome's Love For Bitcoin

KryptoKit was removed from Chrome on Tuesday in error. KryptoKit, the Chrome extension that functions as an encrypted messenger and Bitcoin wallet, suddenly had its security privilege revoked Tuesday morning. The extension was removed from Chrome for less than an hour, but in the digital currency world this type of action can irreparably harm a product's reputation - especially for a browser extension which can access the most sensitive user data. As users awoke to find their favorite extension had been removed from Google Chrome, they took to social media fearing the worst. Fortunately,....

Bitcoin Companies Can Fight Social Engineering Attempts With Pindrop

Various companies all over the world are looking to come up with new methods to prevent fraud from taking place in the financial industry. While plastic card payments are a major threat when it comes to fraud, there are other factors to take into consideration as well. Social engineering is playing an ever-increasing role of importance these days, and Pindrop wants to prevent companies from being scammed over the phone. Bitcoin users can benefit from these efforts as well. Pindrop Raises Another US$75m in Funding. Preventing individuals and companies from falling victim to fraud and....

BitcoinTalk Server Compromised During Social Engineering Attack

Popular digital currency forum BitcoinTalk has been taken offline following a social engineering attack that resulted in a server compromise. The attack is said to have targeted the site's ISP, a company called NFOrce that is based in the Netherlands. During a social engineering attack, an attacker tries to manipulate the target with the goal of convincing them to divulge passwords or other sensitive information. The compromise was announced via the official BitcoinTalk Twitter account. Operator Theymos later took to the bitcoin subreddit to offer a more detailed explanation, writing: "The....