Chrome Extension Stealing Cryptocurrency Keys and Passwords

2020-01-03T12:09:30
ID SCHNEIER:B6AB0FA4CCEC1D961CEBEFEFC78E439F
Type schneier
Reporter Bruce Schneier
Modified 2020-01-03T12:09:30

Description

A malicious Chrome extension surreptitiously steals Ethereum keys and passwords:

> According to Denley, the extension is dangerous to users in two ways. First, any funds (ETH coins and ERC0-based tokens) managed directly inside the extension are at risk.
>
> Denley says that the extension sends the private keys of all wallets created or managed through its interface to a third-party website located at erc20wallet[.]tk.
>
> Second, the extension also actively injects malicious JavaScript code when users navigate to five well-known and popular cryptocurrency management platforms. This code steals login credentials and private keys, data that it's sent to the same erc20wallet[.]tk third-party website.

Another example of how blockchain requires many single points of trust in order to be secure.