Bitget App
Trade smarter
Buy cryptoMarketsTradeFuturesEarnWeb3SquareMore
Trade
Spot
Buy and sell crypto with ease
Margin
Amplify your capital and maximize fund efficiency
Onchain
Going Onchain, without going Onchain!
Convert & block trade
Convert crypto with one click and zero fees
Explore
Launchhub
Gain the edge early and start winning
Copy
Copy elite trader with one click
Bots
Simple, fast, and reliable AI trading bot
Trade
USDT-M Futures
Futures settled in USDT
USDC-M Futures
Futures settled in USDC
Coin-M Futures
Futures settled in cryptocurrencies
Explore
Futures guide
A beginner-to-advanced journey in futures trading
Futures promotions
Generous rewards await
Overview
A variety of products to grow your assets
Simple Earn
Deposit and withdraw anytime to earn flexible returns with zero risk
On-chain Earn
Earn profits daily without risking principal
Structured Earn
Robust financial innovation to navigate market swings
VIP and Wealth Management
Premium services for smart wealth management
Loans
Flexible borrowing with high fund security
Chrome extension compromise puts crypto wallets at risk, analysts warn

Chrome extension compromise puts crypto wallets at risk, analysts warn

Crypto.NewsCrypto.News2025/03/11 16:00
By:By Denis OmelchenkoEdited by Dorian Batycka

Researchers have uncovered a breach in a widely-used Chrome extension SwitchyOmega that exposes users to private key theft.

A compromised version of the Chrome-based proxy extension SwitchyOmega has been stealing private keys from crypto wallets, putting over 500,000 users at risk, analysts at SlowMist warn.

The breach started when a phishing email targeted a Cyberhaven employee, an AI-powered data security company, resulting in the injection of harmful code into the extension. The phishing email falsely claimed that Cyberhaven’s browser extension violated Google ‘s policies and threatened removal unless immediate action was taken, a March 12 research report shows.

Chrome extension compromise puts crypto wallets at risk, analysts warn image 0 Fake version of Proxy SwitchyOmega | Source: SlowMist

SlowMist explained that the attacker used OAuth to access the Cyberhaven account, enabling them to upload the compromised extension version (24.10.4). As the extension was updated, users unknowingly installed the malicious code.

The malicious version of the extension appears to have been capable of stealing sensitive data, including private keys and mnemonic phrases from crypto wallets. It remains unclear though how many of the 500,000 affected users were exposed to the exploit. Analysts at SlowMist have advised users to check the installed extension IDs to ensure they match the official version.

Attacks on crypto traders through browser extensions aren’t anything new as bad actors have been trying to exploit them for a while now.

In September 2024, analysts at cybersecurity firm Group-IB revealed that the notorious North Korean hacking gang Lazarus Group, known for its sophisticated cyber campaigns against the crypto industry, has intensified its efforts to target crypto professionals and developers through fake video apps and expanding its targeting of browser extensions.

0

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Earn new token airdrops
Lock your assets and earn 10%+ APR
Lock now!