3.5 C
New York
Wednesday, January 25, 2023

Fake wallet extension in Firefox allowed cryptocurrency theft

Key facts:
  • Cryptocurrencies valued at $ 4,000 were allegedly stolen from the user.
  • The extension has already been removed from Firefox but a fake address is still active.

A bogus bitcoin and crypto wallet extension, Safepal, on Mozilla FireFox, was to blame for a user allegedly losing thousands of dollars in crypto.  

The complaint was made by the user named Cali, on September 11, in a Firefox support forum. There he explained that after installing the extension and logging in with his data, when he went to check if the cryptocurrencies had been transferred correctly, he saw that his balance, surprisingly, was at zero .  

“I was in a state of shock, I saw my last transactions and I realized that my cryptocurrencies valued at USD 4,000 were transferred to another wallet,” explained Cali.  

The user expressed his displeasure and although he did not reveal which cryptocurrencies had been stolen , he did raise several questions “Is there no audit department that checks each add-on and tests it before it appears in the official Mozilla Firefox add-on store? Can you take a look at this plugin before there are a lot of people getting scammed? ”  

Although their questions were not answered, Caitlin Neiman, Plugin Community Manager at Mozilla, reported that they would discuss what happened.  

Finally, the victim of the alleged robbery indicated that he contacted the police . “They told me there is no way they can track down the hacker. The only solution I have left is that maybe some of you can help me find out who the hacker was and how I can get my funds back. ” 

Extension out of service 

The fake wallet extension is currently out of service . According to Firefox, extensions must be submitted to Mozilla for certification by the company before they can be installed in the release and beta versions. 

The certification should guarantee Firefox users the assurance that an extension has not been tampered with and gives Mozilla the ability to block malicious extensions , according to the company. However, this apparently was a step that hackers or developers were able to accomplish even though it was a bogus extension.   (Also Read: Cosmos (ATOM) vs Solana (SOL): which has more potential?)

Safepal was not aware of the extension 

Likewise, Cali assures that it contacted the developers of the Safepal wallet   and they were “very shocked” because there is no audit department that is verifying the add-ons in Firefox. 

Safepal was founded in 2018 and offers hardware and software wallet services. It has 2 million users in 146 countries.  

The company behind the cold wallet has as one of its most important investors the renowned exchange Binance and offers services for more than 20,000 cryptocurrencies and tokens.  

Currently the address ( https://safeuslife.com/tool/ ), created by the people behind the malicious extension, is active and, when trying to enter, it asks for the 12-word recovery phrase to “pair your SafePal Wallet” . 

It is important to remember the famous phrase “if they are not your keys, they are not your bitcoins”. The private keys are those that give access to your address in the blockchain and if they are supplied in applications or in this case to a false extension, the user puts their cryptocurrencies at risk.  

Recently, a company specialized in the manufacture of hardware wallets, analyzed the security systems used by the different software wallets , and determined how reliable and secure they could be.   

Among other data, the study concluded that PC software wallets are not very secure to protect bitcoins , as they are quite vulnerable to attacks.

Latest Posts

Don't Miss

Stay in touch

To be updated with all the latest news, offers and special announcements.