
Crypto investor gets $800k drained from his wallets in 46 hours

In this post:

  • Crypto investor “Sell When Over” lost $800k due to a suspected Google Chrome compromise involving malicious extensions.
  • Delayed browser updates and unrecognized malware may have facilitated the hack, leading to unauthorized access.
  • Two suspicious extensions, “Sync Test Beta” and “Simple Game,” were identified, with the former acting as a keylogger.

A crypto investor posting as Sell When Over took to Twitter to describe how an attacker drained roughly $800k from his crypto wallets in just 46 hours. The root cause appears to be a compromised Google Chrome installation on one PC, possibly helped along by a deferred browser update or by malware his antivirus never flagged, which ended with malicious extensions running inside his browser.

The Unraveling of Security Layers

Sell When Over recounted that he had deferred a Chrome update until a subsequent Windows update forced a restart. After the restart Chrome looked different right away: his tabs were gone and his extensions, wallet extensions included, had been logged out. That prompted him to re-import his wallet seed phrases, a step he carried out carefully from a secondary, uncompromised device.

What pointed to a deeper compromise was the discovery of two extensions he did not recognize, “Sync Test Beta” and “Simple Game,” together with Chrome having switched itself to automatically translate pages into Korean. Tellingly, the one wallet app whose seed he had not re-imported was untouched, which placed the origin of the breach on a single compromised PC rather than on a seed phrase leaked elsewhere.


Closer inspection of the two extensions showed what they did. “Sync Test Beta,” which presented itself with a brightly colored icon, was a keylogger that quietly sent captured keystrokes to an external PHP script; “Simple Game” appeared to monitor browser tab activity. In hindsight, Sell When Over said, the correct response to the first anomaly would have been a complete wipe of the PC, all the more so when oddities coincide with a major update such as Chrome’s UI overhaul and are easy to write off as side effects of it.
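An extension does not need an exploit to act as a keylogger: a content script injected into every page at document_start can read keystrokes before the page's own scripts run, and the "tabs" permission is enough to watch which sites are open. The script below is an added editorial example, not code from the post or from the extensions it names; it walks a Chrome profile's Extensions directory and flags manifests that request exactly those capabilities, using two constructed sample manifests (a keylogger-like one and a benign theme) for a stand-alone run. The risk rules and the "missing update_url" heuristic for side-loaded extensions are the author's own assumptions, not Google's.

```python
# Added example: audit Chrome/Chromium extension manifests for the capabilities
# a keylogger or tab-monitor needs. Editorial code, not from the original post.
import json
import sys
from pathlib import Path

# Host patterns that grant an extension access to every page the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# API permissions that let an extension watch tabs or traffic, inject code,
# read the clipboard, or talk to a native binary (assumed risk list).
WATCHED_PERMISSIONS = {
    "tabs", "webRequest", "webNavigation", "scripting",
    "debugger", "clipboardRead", "nativeMessaging",
}


def content_script_hosts(manifest: dict) -> set[str]:
    """Collect the match patterns of every declared content script."""
    hosts: set[str] = set()
    for script in manifest.get("content_scripts", []):
        hosts.update(script.get("matches", []))
    return hosts


def risk_findings(manifest: dict) -> list[str]:
    """Return findings for one manifest; an empty list means nothing notable."""
    findings: list[str] = []
    # MV2 lists host patterns under "permissions"; MV3 moved them to "host_permissions".
    declared = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
    cs_hosts = content_script_hosts(manifest)

    if declared & BROAD_HOSTS:
        findings.append("broad host permission: " + ", ".join(sorted(declared & BROAD_HOSTS)))
    if cs_hosts & BROAD_HOSTS:
        findings.append("content script injected into every page (keystroke capture possible)")
    if any(s.get("run_at") == "document_start" for s in manifest.get("content_scripts", [])):
        findings.append("content script runs at document_start (before page scripts)")
    apis = declared & WATCHED_PERMISSIONS
    if apis:
        findings.append("sensitive APIs: " + ", ".join(sorted(apis)))
    # Heuristic (assumption): Web Store installs carry an update_url; side-loaded
    # extensions dropped by malware often do not.
    if "update_url" not in manifest:
        findings.append("no update_url (likely not installed from the Chrome Web Store)")
    return findings


def audit_profile(profile_dir: Path) -> dict[str, list[str]]:
    """Scan <profile>/Extensions/<id>/<version>/manifest.json and report per extension."""
    report: dict[str, list[str]] = {}
    for manifest_path in sorted((profile_dir / "Extensions").glob("*/*/manifest.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or partially written manifest; skip, do not crash
        ext_id = manifest_path.parent.parent.name
        findings = risk_findings(manifest)
        if findings:
            report[f"{manifest.get('name', '?')} ({ext_id})"] = findings
    return report


# Constructed sample manifests for an offline run (not the real extensions).
KEYLOGGER_LIKE = {
    "manifest_version": 3,
    "name": "Example Keylogger-like",
    "version": "1.0",
    "permissions": ["tabs", "storage"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["hook.js"], "run_at": "document_start"}],
}
BENIGN = {
    "manifest_version": 3,
    "name": "Example Dark Theme",
    "version": "2.1",
    "permissions": ["storage"],
    "update_url": "https://clients2.google.com/service/update2/crx",
}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # e.g. ~/.config/google-chrome/Default or %LOCALAPPDATA%\Google\Chrome\User Data\Default
        for ext, findings in audit_profile(Path(sys.argv[1])).items():
            print(ext)
            for f in findings:
                print("  -", f)
    else:
        for m in (KEYLOGGER_LIKE, BENIGN):
            print(m["name"], "->", risk_findings(m) or "no findings")
```

Run it with a profile path to audit a real installation, or with no arguments to see the two constructed manifests scored. Findings are prompts for inspection, not verdicts: many legitimate extensions (password managers, ad blockers) request `<all_urls>` too, so the useful signal is an extension you did not install that also lacks a Web Store update URL.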

A Costly Lesson in Digital Vigilance

As the thread went on, Sell When Over disclosed a second finding: a sign-in to his Google account from an unfamiliar Windows device, whose name may have been chosen to mimic one of his own so that the alert would not stand out. The sign-in was traced to a VPS hosted by Kaopu Cloud, a provider he described as well known in hacker circles for hosting abuse. Two-factor authentication (2FA) was enabled on the account, yet the attacker got past it; the thread left the exact method open, with OAuth phishing and cross-site scripting among the possibilities raised. Malware already running inside the browser, as the keylogging extension was, does not have to defeat 2FA at all: copying an authenticated session cookie is enough to sign in from another machine without the password or a second factor.

The incident served as a brutal wake-up call, with Sell When Over sharing several key takeaways:

  1. Disappointment that Bitdefender detected nothing, whereas Malwarebytes found the threat.
  2. A warning against complacency about security, regardless of how much crypto is handled.
  3. Strict advice never to enter seed phrases in response to any prompt; a fresh system setup is the safer course.
  4. Abandoning Chrome for browsers such as Brave.
  5. Segregating devices, with a dedicated machine for crypto transactions.
  6. Regular checking of Google account activity alerts.
  7. Disabling extension syncing, especially on devices set aside for crypto.
  8. Recognizing the limits of 2FA.
  9. Routine security audits and procedure updates to catch latent threats.

Despite the loss, Sell When Over said his hardware wallet was untouched, and he rejected speculation that the disclosure was motivated by tax evasion. With part of the stolen funds already being laundered, he offered a $150k bounty for their return and floated a bounty-funded forensic investigation.

The thread ended on a note of continued vigilance, in particular over Google's decision to group security alert emails into threads, which he argued helped the intrusion go unnoticed.

Cryptopolitan