Latest news about Bitcoin and all cryptocurrencies. Your daily crypto news habit.
Cryptocurrency holders are being warned against a Chrome extension for Ledger hardware wallets that allegedly contains malware that steals their seed phrases.
Twitter user and software architect WizardofAus (@BTCSchellingPt) has warned cryptocurrency holders against a Chrome extension for Ledger crypto wallets that allegedly contains malware.
In a tweet posted on Jan 2., WizardofAus claimed that:
âMalware Chrome extension alert. If you have "Ledger Secure" installed - REMOVE IT. The @ChromeExtension "Ledger Secure" contains malware that passes your seed phrase back to the extension's author. This is *not* a @Ledger product. Successfully used against @hackedzec.â
â@hackedzecââs Twitter handle was notably created in Jan. 2020; both the handleâs novelty and the chosen name suggest that he created the account specifically to spread awareness following his experience of the malware.
The official Ledger Support Twitter handle confirmed the detection of the extension malware on Jan. 2, using the header âPHISHING ALERT.â
Former Trezor executive and contributor to the âLittle Bitcoin Bookâ Alena Vranova retweeted WizardofAusâ tweet with the comment: âanother proof that the word âsecureâ does not imply security.â
Learning from othersâ expensive mistakes
In WizardofAusâ account, 600 in Zcash (ZEC) â worth roughly $16,000 by press time â was stolen from @hackedzecâs holdings in his Ledger Nano by the Chrome extensionâs creator.
Referring to Casa founder Jeremy Welchâs warnings last year against browser extension malware at the Bitcoin (BTC) event Baltic HoneyBadger in Riga, WizardofAus outlined the risks posed by these products â and what users can do to protect themselves:
âFirstly, be very careful what extensions you install. If you're using the same computer for your crypto as you use generally, be extra diligent. Better to have a separate minimal machine - or use a Virtual Machine that is the only place you do crypto activity.â
Other due diligence includes using only the wallet vendorâs proprietary software â in this case, Ledgerâs â and double-checking that it really comes from the vendorâs website via a secure link.
Users can also verify the checksum of the downloaded file before running the software. A checksum, also known as a hash, is a hexadecimal number that is unique to the installer .exe file created by the author. The downloaded file, assuming it has not been tampered with by a third party, should match the checksum on the vendorâs site.
Browser risks
Just two days ago, Cointelegraph reported on an Ethereum (ETH) wallet Chrome browser extension known as âShitcoin Walletâ that has reportedly been injecting malicious javascript code from open browser windows to steal data from its users.
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.