New BTC and ETH Hack: Sketchy Browser Extensions!
A new hack has appeared targeting users' Bitcoin and Ethereum.
The trick: the hack manipulates the copy/paste function of your computer.
A user posting on /r/bitcoin describes their experience.
“I hope my story will help some of you to never repeat my mistake.
I just got scammed in a way I never even thought was possible (some of you might have heard about this, but I never heard of it until today).
Decided to cash some money out through Coinbase, logged in and copied the BTC wallet address through the built-in Copy function, as it shows on the screenshot below.
Logged in to Binance to send the BTC to Coinbase and just pasted the address from the buffer without a second thought. Pushed the transaction. 1 hour later I realized that it's a different address and only the first 4 symbols are the same. Somehow my copy-paste buffer changed the address from the right one to the wrong one.
Money lost. No way to recover it. Please don't repeat my mistake: do not blindly trust the copy-paste buffer. Your computer could be infected with malware that swaps addresses, and it will be too late when you realize that.”
Essentially, a virus originating from a sketchy browser extension tampers with your computer’s copy/paste function, replacing the address you paste into MetaMask or another crypto extension's withdrawal field with the hacker’s wallet address. The user posted the hacker’s address here.
The virus changes your desired address into their own, changing only a few values so it is easily mistaken for the desired address.
Commenters speculate the browser extension in question is either an Instagram image downloader or an OnlyFans video downloader, as per this post here. The same thing happened to this user, but with Ethereum.
This second user’s wallet “address” was listed as fraudulent. The user didn’t know why. It turns out, a browser extension was tricking them into thinking they were sending funds to their wallet, when in fact it was a hacked version of that wallet, one with similar portions of the address but actually not the real address.
The second user listed the following extensions on their browser:
“Honey (coupon), Lolli (cash back in Bitcoin), Metamask, BetaFlight (drones), KISS GUI (drones), Instagram downloader, Onlyfans downloader.”
So it is highly recommended that you do not download random extensions on your browser. If you do, do not use that browser for sending cryptocurrency.
While many BTC advocates will claim that the irreversibility of transactions is a strength of BTC, I think that’s a joke. The ease of ‘hacking’ a user into sending BTC to a thief’s address reflects an obvious weakness of the asset. Yes, this particular hack could be defeated simply by checking an address fully before sending it. But the fact that developers have not been able to use the autonomous nature of Bitcoin while implementing what would be considered basic security measures to prevent these scams speaks to the continued danger of this asset.
We can’t expect it to grow into a global reserve asset of the internet if you can lose an entire fortune because of a single-character typo.
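The full-address check mentioned above, sketched as an added example (not code from the Reddit posts or from any wallet or exchange): it shows why a glance at the first 4 symbols passes a swapped address while a character-by-character comparison catches it. The function names and both sample strings are constructed placeholders, not real or valid addresses.

```javascript
// Added example: compare the address you meant to use with what was pasted.

// Normalize so that only meaningful differences count.
function normalizeAddress(addr) {
  const a = addr.trim();
  // Ethereum hex: letter case only encodes the EIP-55 checksum.
  if (/^0x[0-9a-fA-F]{40}$/.test(a)) return a.toLowerCase();
  // Bech32 Bitcoin addresses (bc1...) are case-insensitive.
  if (/^bc1/i.test(a)) return a.toLowerCase();
  // Base58 Bitcoin addresses are case-sensitive: leave untouched.
  return a;
}

// The habit that failed in the post: look at the first few characters only.
function prefixLooksRight(intended, pasted, n = 4) {
  return normalizeAddress(intended).slice(0, n) ===
         normalizeAddress(pasted).slice(0, n);
}

// Compare every character and report where the two strings diverge.
function compareAddresses(intended, pasted) {
  const a = normalizeAddress(intended);
  const b = normalizeAddress(pasted);
  let i = 0;
  while (i < a.length && i < b.length && a[i] === b[i]) i++;
  const match = a === b;
  return {
    match,
    sharedPrefix: match ? a.length : i,   // characters identical from the start
    firstDifference: match ? -1 : i,      // index of first mismatch, -1 if none
    lengthsEqual: a.length === b.length,
  };
}

// Constructed sample: same first 4 symbols, otherwise a different string.
const intended = '1ExAmpLeCopiedFromExchangeXXXXXXXX';
const pasted   = '1ExAttackerControlledAddressYYYYYY';

console.log('prefix check passes:', prefixLooksRight(intended, pasted));
console.log('full comparison:', compareAddresses(intended, pasted));
```

Compare against the address shown on the receiving site itself (or a QR code or second device), not against a second paste from the same clipboard.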