A malicious crypto wallet extension has been spotted on the official Chrome Web Store, actively stealing the seed phrases of unsuspecting users. The fraudulent extension, named Safery: Ethereum Wallet, cleverly disguises itself as a legitimate tool while operating a hidden backdoor designed to drain digital assets. This discovery highlights a significant threat to the security of cryptocurrency holders, as many rely on browser-based wallets for convenience. The malicious extension managed to climb the rankings on the Chrome Web Store, reaching the number four spot in the crypto wallet category, which likely gave it an air of legitimacy and increased its potential victim pool.

The way the scam operates is particularly insidious. The Safery wallet appears to function normally, allowing users to create a new wallet or import an existing one using a standard twelve- or twenty-four-word seed phrase. It performs all the expected actions, such as displaying the user’s public address and allowing them to check their balance. This normal behavior is key to the scam, as it builds trust and encourages the user to deposit funds.

However, behind the scenes, the extension is running a separate, malicious script. This script continuously monitors the user’s activity. The critical moment occurs when a user enters their seed phrase, either during the initial wallet setup or when restoring an existing wallet. At that point, the malicious script captures the sensitive recovery phrase. The stolen seed phrase is then immediately transmitted to a server controlled by the attacker. With the recovery phrase in their possession, the criminals have complete and unrestricted access to the user’s wallet and all the cryptocurrencies held within it. They can then transfer the funds to their own addresses at any time, often leaving the victim with an empty wallet and no way to recover their assets.

This method of attack is especially dangerous because it bypasses many common security practices. The extension is downloaded from the official Chrome Web Store, which many users trust implicitly. It does not require any extra permissions that would raise red flags, as it operates within the expected scope of a crypto wallet extension. The incident serves as a stark reminder that even software distributed on official platforms can be malicious.

Users are advised to exercise extreme caution when selecting and installing any cryptocurrency-related browser extension. It is crucial to only use extensions from well-known, reputable developers with a long and verifiable track record. Researching the developer and reading user reviews from multiple sources is a necessary step before installation.

Furthermore, for maximum security, experts often recommend using a dedicated hardware wallet for storing significant amounts of cryptocurrency. Hardware wallets store a user’s private keys offline on a physical device, making them immune to this type of online malware and phishing attack. Browser extensions, while convenient for frequent transactions, should be used with caution and should not be considered a secure place for long-term storage of valuable digital assets. The presence of such a sophisticated scam on a major platform like the Chrome Web Store underscores the ongoing battle against crypto-related fraud and the constant need for user vigilance in the digital asset space.

