Fake Firefox Wallet Extension Enabled Cryptocurrency Theft: City Telegraph
Highlights:
- Cryptocurrencies valued at $ 4,000 were reportedly stolen from the user.
- The extension has already been removed from Firefox but a fake address is still active.
A fake Bitcoin and crypto wallet extension, Safepal, on Mozilla FireFox, was to blame for a user who allegedly lost thousands of dollars in crypto.
The complaint was made by user named Cali on September 11 in a Firefox support forum. There, he explained that after installing the extension and logging in with his data, when he went to check if the cryptocurrencies had been transferred correctly, he since his balance, surprisingly, was at zero .
âI was in shock, saw my last trades and realized that my cryptocurrencies worth $ 4,000 were being transferred to another wallet,â Cali explained.
The user expressed his dissatisfaction and although he did not disclose which cryptocurrencies were stolen , he raised several questions: “Isn’t there an auditing service that checks every add-on and tests it before it appears in the official Mozilla Firefox Add-ons store?” Can you take a look at this plugin before there are a lot of people getting ripped off? ”
Although their questions were not answered, Caitlin Neiman, head of the plugins community at Mozilla, indicated that they would discuss what had happened.
Finally, the victim of the alleged theft indicated that he contacted the police . âThey told me there was no way to find the hacker. The only solution I have left is that maybe some of you can help me find out who the hacker was and how I can get my funds back. ”
Extension out of service
The fake wallet extension is currently out of service. According to Firefox, extensions must be submitted to Mozilla for certification by the company before they can be installed in the release and beta versions.
The certification must give Firefox users assurance that an extension has not been tampered with and gives Mozilla the ability to block malicious extensions , according to the company. However, this was apparently a step that hackers or developers were able to accomplish even though it was a bogus expansion. (Read also: Cosmos (ATOM) vs Solana (SOL): who has the most potential?)
Safepal was not aware of the extension
Likewise, Cali assures that he contacted the developers of Safepal walletâ¯â¯ and they were “very shocked” because there is no auditing service that checks add-ons in Firefox.
Safepal was founded in 2018 and offers hardware and software portfolio services. It has 2 million users in 146 countries.
The company behind the cold wallet counts the famous Binance exchange among its largest investors and offers services for more than 20,000 cryptocurrencies and tokens.
Currently the address (https://safeuslife.com/tool/), created by the people behind the malicious extension, it is active and, when you try to enter, it asks for the 12 word recovery phrase for “link your SafePal wallet”.
It is important to remember the famous phrase “if these are not your keys, they are not your bitcoins”. Private keys are those that give access to your address in the blockchain and if they are provided in applications or in this case a fake extension, the user puts their cryptocurrencies at risk.
Recently, a company specializing in the manufacture of hardware wallets, analyzed the security systems used by the different software portfolios , and determined their degree of reliability and security.
Among other data, the study concluded that â¯PC software wallets are not very secure to protect bitcoins because they are very vulnerable to attack.