Researchers have uncovered a breach in the widely used Chrome extension SwitchyOmega that exposes users to private key theft.
A compromised version of the Chrome-based proxy extension SwitchyOmega has been stealing private keys from crypto wallets, putting over 500,000 users at risk, analysts at SlowMist warn.
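The breach started when a phishing email targeted an employee of AI-driven data security firm Cyberhaven, leading to the injection of harmful code into the extension. The phishing email falsely claimed that Cyberhaven's browser extension violated Google's policies and threatened removal unless immediate action was taken, a March 12 research report shows.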
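Fake version of the SwitchyOmega proxy extension | Source: SlowMist

SlowMist explained that the attackers used OAuth to access the Cyberhaven account, enabling them to upload a compromised version of the extension (24.10.4). As the extension updated, users unknowingly installed the malicious code.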
The malicious version of the extension appears capable of stealing sensitive data, including private keys and mnemonic phrases from crypto wallets. It is unclear how many of the 500,000 affected users were exposed to the exploit. Analysts at SlowMist have advised users to check the installed extension IDs to ensure they match the official version.
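One way to carry out the extension ID check SlowMist advises, as an added example that is not SlowMist's or the extension project's code. It assumes Chrome's on-disk layout of `<profile>/Extensions/<id>/<version>/manifest.json`; the function names are hypothetical, and the official ID is passed in by the user because the page does not state it.

```python
import json, re, sys
from pathlib import Path

EXT_ID_RE = re.compile(r"[a-p]{32}")  # Chrome extension IDs are 32 letters, a through p

def display_name(version_dir, manifest):
    """Resolve a localized name such as __MSG_appName__ via _locales/<default_locale>/messages.json."""
    name = manifest.get("name", "")
    placeholder = re.fullmatch(r"__MSG_(\w+)__", name)
    if not placeholder:
        return name
    path = version_dir / "_locales" / manifest.get("default_locale", "en") / "messages.json"
    try:
        messages = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return name  # keep the raw placeholder rather than guessing
    for key, entry in messages.items():  # message keys are case-insensitive
        if key.lower() == placeholder.group(1).lower():
            return entry.get("message", name)
    return name

def installed_extensions(extensions_dir):
    """Yield (extension_id, version, name) for every <id>/<version>/manifest.json on disk."""
    for manifest_path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        ext_id = manifest_path.parent.parent.name
        if not EXT_ID_RE.fullmatch(ext_id):
            continue  # not an extension directory (e.g. a temp folder)
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or corrupt manifest: skip it, do not abort the audit
        yield ext_id, manifest.get("version", "?"), display_name(manifest_path.parent, manifest)

def audit(extensions_dir, name_pattern, official_ids, flagged_versions=()):
    """Flag extensions whose name matches but whose ID is unofficial or whose version is flagged."""
    findings = []
    for ext_id, version, name in installed_extensions(extensions_dir):
        if not re.search(name_pattern, name, re.IGNORECASE):
            continue
        if ext_id not in official_ids:
            findings.append((ext_id, version, name, "id-mismatch"))
        elif version in flagged_versions:
            findings.append((ext_id, version, name, "flagged-version"))
    return findings

if __name__ == "__main__":
    # usage: audit.py <profile>/Extensions <official-id>
    # 24.10.4 is the compromised version number the page reports.
    for finding in audit(sys.argv[1], r"switchyomega", {sys.argv[2]}, {"24.10.4"}):
        print(*finding, sep="\t")
```

The name lookup matters because many extensions store only a `__MSG_...__` placeholder in the manifest, so a plain string match on `name` would miss a lookalike.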
Attacks on crypto traders through browser extensions are nothing new, as bad actors have been trying to exploit them for a while now.
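In September 2024, analysts at cybersecurity firm Group-IB revealed that the notorious North Korean hacking gang Lazarus Group, known for its sophisticated cyber campaigns targeting the crypto industry, had intensified its crypto-targeting efforts through fake video applications and expanded its targeting to browser extensions.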