Chrome Extension Could Be Vulnerable to Cryptocurrency Malware

The Cryptsy Dogecoin Live Ticker Chrome extension could be susceptible to malware monitoring visits to cryptocurrency exchanges or wallets.

AccessTimeIconApr 21, 2014 at 6:04 p.m. UTC
Updated Dec 12, 2022 at 1:43 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global event for everything crypto, blockchain and Web3.Register Now

A browser extension for Google Chrome is reportedly capable of stealing bitcoin and other altcoins from its users.

Called the 'Cryptsy Dogecoin (DOGE) Live Ticker' in the Chrome Web Store, the extension is susceptible to updates that begin monitoring visits to cryptocurrency exchanges and wallet sites. A representative from Cryptsy has told CoinDesk that the exchange is not affiliated with the extension in any way.

The warning about the extension was posted on reddit, along with the following advice:

"Be careful of what you install on your devices you use to access your wallets."

How it steals coins

Software within the extension monitors web activity and looks for users who go to exchange sites such as Coinbase. During a transaction, the extension attempts to replace the receiving address with one of its own.

A reddit user reported this happening in a withdrawal from cryptocurrency exchange MintPal, having had the extension installed.

Extensions or add-ons that are related to cryptocurrencies are a logical tool for would-be thieves, as cryptocurrency-related software is generally used by those who hold onto digital coins.

Malware on the rise

The presence of cryptocurrency-related malware is on an upward trend. The rising value of coins, coupled with the increasing number of altcoins has essentially created a new cottage industry, whereby malicious software tries to steal virtual money.

Dell SecureWorks released a report in February stating that it had identified almost 150 different strains of bitcoin-related malware.

Another sought-after method of malware infects a device and tries to generate coins by mining, which is not very effective given the specialized hardware now required to complete proof-of-work algorithms that reward miners.

Ultimately, it ends up being a huge resource drain for users' machines. Or, as in this instance, a seemingly useful tool like the Cryptsy Dogecoin Live Ticker ends up being used for nefarious purposes.

Protecting coins

To guarantee high levels of security, it's important to choose an exchange or wallet service that enables two-factor authentication. This method of verifying actions requires more than one device, which will decrease the chances of malware making changes to your transactions.

mar2014java

It might be better, though, to simply store coins in a brain wallet or paper wallet. Bitcoin Vigil, which monitors bitcoin theft, is a concept that may be useful for thwarting thieves, since storing coins on a local machine connected to the internet has vulnerabilities.

As Cryptsy Dogecoin Live Ticker demonstrates, it is probably better to simply stay away from add-ons and extensions on any computer used to store your coins.

Malware image via Shutterstock

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.