14 DAY TRIAL // A malicious Google Chrome extension that made it to the Chrome Web Store managed to steal at least $16,000 worth of cryptocurrency, according to a report.
The extension called “Ledge Secure,” which claims to serve as a cryptocurrency wallet inside Google Chrome, somehow managed to get past Google’s filters and end up being listed for download.
At least one user confirmed their crypto got stolen after installing the extension, albeit for the time being, it’s not known how many victims the bogus add-on actually made during the time it was available for download.
Decrypt reports that the extension scanned the device and sent the seed phrase to the extension’s author, pretty much allowing the malicious actor to steal any crypto. In the case of Twitter user known as “hackedzec,” the extension caused a loss of 600 ZEC, which is worth approximately $16,000.
Extension already banned
French company Ledger confirmed on Twitter the extension wasn’t a legitimate add-on and recommended users to avoid installing it on their devices.
“A Chrome extension malware has been detected called "Ledger Secure". This is NOT a legitimate Ledger application. DO NOT use it and contact us if you've installed it,” the company said on its Twitter support account.
At the time of writing, there are no details regarding the way the extension managed to extra the seed phrase and send it to the developer. However, the victim says they entered the seed phrase on the compromised computer two years before. The malicious purpose was discovered when the hacked user came across a file linking to the Twitter account the dev used for the extension.
Google has already removed the extension from the Chrome Web Store and everyone who installed it is recommended to check their wallets as soon as possible to make sure no crypto was stolen.