TheCryptoUpdates
CryptoCrypto NewsCrypto ScamsGeneral NewsNews

GreedyBear Hackers Steal $1M in Crypto Through Fake Firefox Extensions

GreedyBear Hackers Steal $1M in Crypto Through Fake Firefox Extensions

So, it turns out this hacker group called GreedyBear has pulled off a pretty insane crypto heist—stealing over $1 million by slipping malicious code into normal-looking Firefox extensions.

Here’s what they did: they’d first upload harmless tools, like screen recorders or video downloaders. Once a bunch of people installed them, they quietly pushed out updates that could grab users’ wallet info. It’s something called extension hollowing, and honestly, it’s scary how subtle it is. These extensions even had fake 5-star reviews to make them look legit.

Once the malicious update was live, it started targeting wallet data from MetaMask, TronLink, Phantom, and a few others. The stolen credentials were then sent straight to their servers—just like that.

Koi Security, the firm that looked into all this, said that GreedyBear also used malware-laced files and fake wallet-related websites to trap users. Some of these phishing sites looked like official pages, which made it even harder to tell what was real.

Also—this is kinda wild—a good chunk of the code in their malware seems to have been AI-generated, which maybe explains how they pulled this off at scale without being noticed for so long. Oh, and now similar stuff is popping up on Chrome and Edge too.

Conclusion

At this point, even browser extensions aren’t safe anymore. If you’re into crypto, just… be extra careful. Always double-check what you’re downloading—and if something feels off, it probably is.

Loading

Related posts

Creditors Claim FTX Was Silent For Exchange Reboot Plans

Mridul Srivastava

ClawHub marketplace hosts 1,184 malicious skills targeting crypto wallets

Timm

Rephrase the title:Wikipedia Founder Bashes Bitcoin, Igniting Strong Responses From Prominent Crypto Figures

Mridul Srivastava