Best crypto insights delivered straight to your inbox.
- OXK exchange warned users of a malicious plugin extension on the Firefox browser.
- The company reached out to Firefox to remove the fraudulent extension.
- Cryptocurrency wallets lost up to $1 billion through phishing scams in 2024.
OKX, a crypto exchange platform, has alerted users of a malicious OKX browser extension that has appeared on the Firefox browser plugin store. The add-on incorporates third-party functionality within the web browser interface.
While alerting the users, the exchange said that they hadn’t released any Firefox browser extensions and called on users who might have mistakenly downloaded the add-on to move any funds or digital assets in wallets connected to the malicious extension.
OKX further contacted Firefox to remove the applications before they harm users. OKX also further advised users to avoid downloading OKX-specific software from third parties.
Fraudulent browser plugins have been used to access sensitive data and often steal funds. Crypto criminals use the technique, also known as a phishing scam, to steal cryptocurrency. Certik reports that phishing was among the leading crypto scams in 2024.
Cybercriminals are executing vicious phishing scams
CertiK published Hack3d: The Web3 Security Report 2024, highlighting the most notorious cyber security threats to cryptocurrency in 2024. The report states that crypto investors lost over $1 billion in 296 phishing scams in 2024, accounting for a 21% YoY rise from 2023.
In September 2024, McAfee discovered malware known as SpyAgent on Android phones. The malware appeared like a legitimate Android application but was a scam that had affected over 280 fraudulent applications.
Using optical character recognition (OCR), SpyAgent scans images stored on Android’s memory and steals sensitive information, including cryptocurrency passcodes stored in the images.
The researchers at McAfee also noted that the malware replicated through text message links easily lured users to download the fraudulent app. This approach made it easiest for scammers to bypass the security features on Google’s app store.
Decentraland September X breach saw users scammed by phishing links
On September 19, 2024, Decentraland lost control of its X social media page. Hackers compromised the 3D virtual reality metaverse on the Ethereum network.
Cybercriminals use the platform to promote phishing links to followers. They advertised a fake MANA airdrop, which lured users to click the links. Anyone who clicked the link and connected their wallets saw their funds drained by the malware.
There has been no reports of exact figures stating how many people lost their funds to the fake OKX malware as of this writing.
If you're reading this, you’re already ahead. Stay there with our newsletter.
Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.
Nellius Irene
Nellius is a Business Management and IT graduate with five years of experience in the cryptocurrency industry. She is also a graduate of Bitcoin Dada. Nellius has contributed to leading media publications, including BanklessTimes, Cryptobasic, and Riseup Media.
CRASH COURSE
- Which cryptocurrencies can make you money
- How to boost your security with a wallet (and which ones are actually worth using)
- Little-known investment strategies that the pros use
- How to get started investing in crypto (which exchanges to use, the best crypto to buy etc)