If you have this Chrome extension your ETH is at risk!

By Roberto D. | CryptoFarm | 1 Jan 2020

An ethereum wallet known as a "shitcoin wallet" injects malicious code into users' devices.

It is an extension for chrome, the browser for google online browsing, and is injecting malicious code to steal the data of the users who installed it; the news started to circulate on twitter a couple of days ago thanks to a computer security expert (Harry Denley).

The malicious extension, Denley explained on twitter, targets Binance accounts, MyEtherWallet wallets, and other sites used mainly by the community to manage their cryptocurrencies; the code then searches for open browser windows containing Ethereum exchange web pages and network tools.

The malicious code does nothing but attempt to obtain the access credentials to those sites by taking them from the browser and, once the credentials are obtained, sends them to a remote server identified as "erc20wallet.tk", a top-level domain address belonging to Tokelau, a group of islands in the South Pacific that are part of the territory of New Zealand.

Obviously, when the extension was uploaded to the google store, it did not present any malicious code, only afterwards must it have been changed to steal user login credentials; it should therefore make us reflect that, just a few days before starting to launch JavaScript attacks, Shitcoin Wallet announced the launch of its new desktop app stating that it would have given 0.05 ETH to users who had downloaded and installed the app.

Honestly, it seems inconceivable to me that a community like that of cryptocurrencies, which is presumed to have a minimum of computer skills more than the average, can still take on this type of scam; first, therefore, it is up to everyone to remember that no one gives you anything and that even if there may be some sporadic case of promotions made by actually giving a few pennies to users, systematically adhering to this kind of initiative sooner or later you will inevitably end up compromising the security of your devices.

351665157-da104a7cdb940750acfdbe57922465372601b2ce5afe1877474c6d0e17a0dd1b.png

An image of what the extension looks like and what it requires

 

Of course, it could be said to always make the necessary checks before adhering to initiatives of this type, but the time necessary to make sure not to end up victims of a scam is not worth the few pennies that can be obtained; the other thing I don't understand is the common tendency to install all kinds of applications, extensions or software on their devices without a minimum of forethought.

It therefore seems to me appropriate to make a small summary of all the various precautions that should be taken when you regularly manage money using a computer, a smartphone and internet connections; first, therefore, it is necessary to prepare a device that is safe, on which we will not install any one but which we will keep only for the management of our money.

If possible, it is good practice to use more than one computer, one of which is intended only for work, and others to use it "more risky"; obviously on machines intended for those uses that are objectively more insidious do not run any type of password.

A separate discussion should be made for smartphones, here, for example, we should avoid using the same email that we use to authenticate ourselves on the various sites through which we manage our money; we also avoid downloading the apps for the management of home banking and if we really can not help managing our money on the move at least we have two devices, perhaps allocating a simple SIM data to the one we use to manage our money .

Clearly, instead of having two phones, one of which intended for the management of my cryptocurrencies, you could make use of hardware wallets; here too, it is a bad idea to accumulate all our coins on a single device, especially when the volumes of money we manage begin to grow.

In the same way if we need to always carry around a bit of bitcoin we use an ad hoc hardware wallet, on which we will deposit for example $100/200 for everyday uses; these are small precautions, within the reach of anyone, but which are still suitable for avoiding most of the scams in circulation.

For the last time therefore, always pay attention to the management of your cryptocurrencies!

Bitcoin (BTC) Ethereum (ETH) Scam fraud shitcoin

How do you rate this article?

0
Roberto D.
Roberto D.

Born, and still living, in Italy. Passionate about cryptocurrencies since I discovered ethereum in 2016 https://linktr.ee/robertod

CryptoFarm
CryptoFarm

All about crypto and airdrop

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.
The DAILY SNAP Zone 024 - Scarlet Witch The DAILY SNAP Zone 024 - Scarlet Witch
Seven-NATE-Nine

Seven-NATE-Nine

3 Jun 2026
8 minute read

Earning £1M Through Crypto: Portfolio Trackers Earning £1M Through Crypto: Portfolio Trackers
Tiero

Tiero

10 hours ago
3 minute read

X: The World’s Largest Digital Psychiatric Experiment - How Elon Musk Turned Twitter Into a Real-Time Study of Human Psychology X: The World’s Largest Digital Psychiatric Experiment - How Elon Musk Turned Twitter Into a Real-Time Study of Human Psychology
Cryptonator`s

Cryptonator`s

1 Jun 2026
2 minute read