Shady Chrome Extension Steals $16,000 Worth of Cryptocurrency

Browser extensions have become just as essential as the browser itself. They provide various features and functionality that the browser natively does not provide for. All of this only makes it a no-brainer for the users to install tons of extensions to make their day to day life easier while browsing the internet.

Recently, it has been discovered that a Chrome extension could potentially steal your cryptocurrency. Cryptocurrency is a digital medium of exchange that utilizes cryptography to secure any financial transactions. Imagine your country’s best Bank with the best everything – protection, adaptability, conversion, but working only in the digital space. That’s cryptocurrency.

The extension called ‘Ledge Secure’ is advertised as a cryptocurrency wallet extension for Google Chrome. However, it sneaked into the accounts, and has exploited vulnerabilities, and therefore was able to steal the currency.

How did it work?

Once given access to your device, Ledge Secure scans it and carries the seed phrase back to the extension’s developer. A seed phrase is like the password for your bitcoins. It is a list of words used to store the information needed to recover bitcoins by accessing that account.

However, it is still not known how the extension managed to extract the seed phrase from the device it was installed on.

How many users have been affected?

At the time of this article, only one person has been affected by this extension. A person, who goes by the Twitter handle ‘hackedzec’, who had installed this extension which caused him to lose around 600ZEC, which approximates to $16,000.

What was done to control this?

Now, before we hate on this ‘Ledge Secure’, it is pertinent to note that the French company Ledger, (that deals with cryptocurrencies) has informed the public that the extension is not their product. They posted to their Twitter handle that ‘Ledge Secure’ was not legitimate and informed users to not install it.

“A Chrome extension malware has been detected called “Ledger Secure”. This is NOT a legitimate Ledger application. DO NOT use it and contact us if you’ve installed it. You can help by reporting the extension” they state in their Twitter post.

Additionally, Google has already removed this extension from the Chrome Web Store. So it is requested that everyone who has installed it on their devices remove it as soon as possible and check that their account has not been compromised.

Sreemitra Somanchi
A tech enthusiast with an itch to write. She is Interested in Consumer Technology in any form factor. She lives on the Google side of the world.

2 COMMENTS

  1. Wow interesting share, thank you! The featured image is a bit confusing as “anonymous” usually goes out of their way to hack for good, not evil. Haven’t you ever seen V for Vendetta?

LEAVE A REPLY

Please enter your comment!
Please enter your name here