Chrome and Firefox Users Hit by Coordinated Crypto Credential Theft Campaign
Published at: 2025-07-03 19:31
A sophisticated cyberattack campaign is targeting users of Google Chrome and Mozilla Firefox browsers to steal cryptocurrency credentials, according to security researchers. Chrome users face risks from a critical zero-day vulnerability, while Firefox users are being attacked through malicious browser extensions.
On July 1, cybersecurity experts discovered 45 fraudulent Firefox extensions posing as legitimate crypto wallets from prominent platforms including MetaMask, Coinbase, Trust Wallet, and Phantom. Koi Security researcher Yuval Ronen revealed these extensions actively steal users' wallet credentials and private data.
The attackers employed sophisticated tactics, first building trust through positive reviews and realistic branding before inserting malicious code. Some cloned open-source wallet projects, adding harmful functionality while maintaining normal operation to avoid detection.
"These extensions directly harvest wallet credentials from target websites and exfiltrate the data to attacker-controlled servers," explained Koi Security. "During initialization, they also collect victims' IP addresses, likely for targeting purposes."
This campaign, active since April 2025, represents just one vector in an escalating wave of crypto thefts. In May 2025 alone, Coinbase reported a breach affecting over 70,000 customers.
Security Recommendations:
1. Install extensions only from verified publishers
2. Treat browser extensions with the same caution as full software
3. Use tools that restrict installation to validated extensions
4. Regularly monitor for unexpected ownership changes
5. Consider hardware wallets for additional security
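One way to act on recommendations 1 and 3 is to audit what is already installed against a list of validated extension IDs. The script below is an added example, not code from the article or from Koi Security; the allowlist, the sample data and the field names (modelled on the `addons` list in a Firefox profile's `extensions.json`) are assumptions.

```python
import json

# Brands the article says were impersonated.
WALLET_BRANDS = ("metamask", "coinbase", "trust wallet", "phantom")

# Constructed allowlist: extension IDs your organisation has validated.
ALLOWED_IDS = {"wallet-approved@example.invalid"}

# Constructed sample shaped like the "addons" list in a Firefox profile's
# extensions.json (field names are an assumption about that file's layout).
SAMPLE = json.dumps({"addons": [
    {"id": "wallet-approved@example.invalid", "type": "extension", "active": True,
     "defaultLocale": {"name": "MetaMask"}},
    {"id": "{11111111-2222-3333-4444-555555555555}", "type": "extension", "active": True,
     "defaultLocale": {"name": "Phantom Wallet"}},
    {"id": "notes@example.invalid", "type": "extension", "active": True,
     "defaultLocale": {"name": "Quick Notes"}},
    {"id": "old-wallet@example.invalid", "type": "extension", "active": False,
     "defaultLocale": {"name": "Trust Wallet"}},
    {"id": "theme@example.invalid", "type": "theme", "active": True,
     "defaultLocale": {"name": "Coinbase Blue"}},
]})


def audit_extensions(raw_json, allowed_ids=ALLOWED_IDS):
    """Return findings for installed extensions that are not on the allowlist.

    Severity is "high" when a non-allowlisted extension uses a wallet brand
    in its display name, "review" for any other non-allowlisted extension.
    """
    findings = []
    for addon in json.loads(raw_json).get("addons", []):
        if addon.get("type") != "extension":
            continue  # only extensions are in scope for this audit
        addon_id = addon.get("id", "")
        if addon_id in allowed_ids:
            continue
        name = (addon.get("defaultLocale") or {}).get("name", "")
        branded = any(b in name.lower() for b in WALLET_BRANDS)
        findings.append({"id": addon_id, "name": name,
                         "active": bool(addon.get("active")),
                         "severity": "high" if branded else "review"})
    # High-severity findings first, active before disabled.
    return sorted(findings, key=lambda f: (f["severity"] != "high", not f["active"]))


if __name__ == "__main__":
    for f in audit_extensions(SAMPLE):
        print(f"{f['severity']:6} active={f['active']!s:5} {f['id']}  {f['name']}")
```

A wallet-branded name on a non-allowlisted ID is the pattern the campaign relied on, so those findings are ranked first.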
Experts warn that despite growing awareness, millions remain vulnerable to such attacks due to the sophisticated social engineering techniques employed by hackers.