Bitstamp Uncovers Bitcoin-Stealing Chrome Extension

March 14, 2016 | Bitcoin Business

The Slovenia-based Bitcoin trading platform Bitstamp revealed in a tweet that it had uncovered a Google Chrome extension that replaced all QR codes linked to Bitcoin addresses with ones linked to the thief’s wallet. This is not the first time criminals have attempted to steal Bitcoin via Google Chrome extensions.

Malicious Extension

On March 11, Bitstamp released a tweet that said it had discovered a Google Chrome extension called ‘BitcoinWisdom Ads Remover’ that “will try to steal your Bitcoin”:

Be careful! We have uncovered a Chrome extension called BitcoinWisdom Ads Remover that will try to steal your #bitcoin. — Bitstamp (@Bitstamp) March 11, 2016

Members of the Bitcoin community were quick to investigate the claims, with Devon Weller, a cryptocurrency web app developer, saying: “Confirmed. I looked at the source code. It replaces QR code images on bitcoin exchanges with its own addresses.”

Reddit Investigates

Further investigation by Reddit user /u/methamphetaminic revealed some interesting developments. They discovered that the browser extension had about 200 bitcoin addresses hard-coded into it, but only 3 transactions had made their way to the scammer’s wallet: payments of 0.00433517 BTC from 1FosyhE1WvDxTBjA6e4a8N6yJ5MkZgDgUZ, 0.00186735 BTC from 1ExHFeLBKxmqtfi5mEd6ov6a5vBaBuHCYH, and 0.07805963 BTC from 1MaUiURfN7pytCTC1FnHRSZ13N6AzXVszp, all of which took place in July 2015.

The Redditor surmised that these were probably test payments by the scammer to ensure his payment system worked. They also suggested that, given the lack of transactions going into the scammer’s wallet, the scamming operation can’t have been all that successful or profitable.

Interestingly, in a departure from previous Google Chrome extension scams, the extension didn’t simply try to replace all addresses and QR codes with the scammer’s, but instead only targeted addresses on sites including bitstamp.net, btc-e.com, and hasnest.com. Some have suggested that the scammer probably […]
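The hard-coded address pool described above is something a reviewer can look for when triaging an extension's unpacked source. The following is an added example, not code from the article or from the extension: it scans JavaScript text for strings shaped like legacy Bitcoin addresses and keeps only those that pass the Base58Check checksum, so random identifiers are not reported. The function names and the sample input are constructed for illustration.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy-format candidates: leading 1 or 3, 26-35 Base58 characters in total.
CANDIDATE = re.compile(r"(?<![A-Za-z0-9])[13][%s]{25,34}(?![A-Za-z0-9])" % B58)

def _checksum(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def b58check_encode(version: bytes, payload: bytes) -> str:
    """Used here only to build a constructed sample address."""
    raw = version + payload
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def is_base58check(addr: str) -> bool:
    """True if addr decodes to 21 bytes plus a matching 4-byte checksum."""
    if not addr or any(c not in B58 for c in addr):
        return False
    n = 0
    for c in addr:
        n = n * 58 + B58.index(c)
    zeros = len(addr) - len(addr.lstrip("1"))  # each leading '1' is a zero byte
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and raw[-4:] == _checksum(raw[:-4])

def hardcoded_addresses(source: str) -> list[str]:
    """Return unique checksum-valid addresses found in extension source text."""
    found = []
    for m in CANDIDATE.finditer(source):
        if m.group(0) not in found and is_base58check(m.group(0)):
            found.append(m.group(0))
    return found

# Constructed sample: one valid address and one decoy with a broken checksum.
SAMPLE_ADDR = b58check_encode(b"\x00", hashlib.sha256(b"constructed").digest()[:20])
DECOY = SAMPLE_ADDR[:-1] + ("2" if SAMPLE_ADDR[-1] != "2" else "3")
SAMPLE_JS = 'var pool = ["%s", "%s"]; img.src = qr(pool[0]);' % (SAMPLE_ADDR, DECOY)

if __name__ == "__main__":
    print(hardcoded_addresses(SAMPLE_JS))
```

A large number of checksum-valid addresses in an extension that has no stated payment function is a strong signal for manual review of the code that uses them.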
