Browser Extensions Can Help Scammers Steal Your Bitcoin: Casa CEO – CoinDesk

CoinDesk

Browser extensions can help scammers steal your crypto, Casa CEO Jeremy Welch warned the audience at the Baltic Honeybadger conference in Riga this weekend.

“Browser extensions impose major risks, and these risks haven’t been discussed until this point,” Welch said.

Extensions can gather a wealth of data, which can be leaked, stolen, and used by scammers. One example is browser history, which can expose users’ online habits, including crypto-related site visits.


“Make sure you don’t expose your bitcoin addresses anywhere,” Welch warned.

Another thing to keep in mind is that some extensions capture users’ KYC information and can leak it to scammers. The only major multisig system that requires KYC at the moment is the one supplied by Unchained Capital, Welch said. He warns against commonly-used consumer software that gathers identity data.

As an example, Welch demonstrated how an extension providing wallpapers with inspiring quotes or other content was actually stealing data as you filled in KYC forms. The malware stole graphical data, like a photo of your driver’s license, which is captured as a code and then easily decoded, providing an actual picture of your ID document to hackers.

Quiet data thefts

All this is happening in the background, without the user noticing.

“You got a nice background here and you don’t realize that your browser is actually dumping data,” Welch said.

The same wallpaper extension can alter a receiving address when you’re trying to send your crypto to somebody else (or to yourself), sending it to a scammer’s wallet instead. The ubiquity and popularity of browser extensions make the situation quite dangerous, Welch noted:

“It’s terrifying, right? We all are using browser extensions all the time.”

Even if a user is very careful and selective in what they’re using, the software can be upgraded and get new, unsafe features without a consumer noticing, Welch added.
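
A defender's check for the risks described above (history access, scripts running on every page, and updates that add capabilities), given as an added example that is not from Welch's talk or from CoinDesk: it reads two versions of an extension's `manifest.json` and reports the risky grants the update newly requests. The mapping of permissions to risks and the sample manifests are assumptions constructed for illustration.

```javascript
// Added example: flag risky grants in a WebExtension manifest.json and
// report what an update newly requests. Sample manifests are constructed.
const RISKY_PERMISSIONS = new Map([
  ["history", "reads browsing history (reveals crypto-related site visits)"],
  ["tabs", "sees the URL and title of every open tab"],
  ["clipboardRead", "reads clipboard contents such as copied addresses"],
  ["clipboardWrite", "can replace clipboard contents such as copied addresses"],
]);
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Returns a Map of grant -> reason for everything risky in one manifest.
// Manifest V2 lists host patterns under "permissions", V3 under
// "host_permissions"; both keys are scanned.
function riskyGrants(manifest) {
  const found = new Map();
  const perms = [...(manifest.permissions || []), ...(manifest.host_permissions || [])];
  for (const p of perms) {
    if (RISKY_PERMISSIONS.has(p)) found.set(`permission:${p}`, RISKY_PERMISSIONS.get(p));
    if (BROAD_HOSTS.has(p)) found.set(`host:${p}`, "can access page content on every site");
  }
  for (const cs of manifest.content_scripts || []) {
    for (const m of cs.matches || []) {
      if (BROAD_HOSTS.has(m)) {
        found.set(`content_script:${m}`,
          "injects script into every page; can read forms and rewrite displayed text");
      }
    }
  }
  return found;
}

// Returns the risky grants present in the new version but not in the old one.
function addedByUpdate(oldManifest, newManifest) {
  const before = riskyGrants(oldManifest);
  return [...riskyGrants(newManifest)]
    .filter(([grant]) => !before.has(grant))
    .map(([grant, reason]) => ({ grant, reason }));
}

// Constructed sample: a new-tab wallpaper extension before and after an update.
const v1 = { manifest_version: 3, name: "Daily Quotes Wallpaper", version: "1.0",
  permissions: ["storage"], chrome_url_overrides: { newtab: "tab.html" } };
const v2 = { ...v1, version: "1.1", permissions: ["storage", "history"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["quotes.js"] }] };

for (const { grant, reason } of addedByUpdate(v1, v2)) {
  console.log(`NEW in ${v2.version}: ${grant} -> ${reason}`);
}
```
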


Welch noted that many well-known applications are gathering personal data, including password managers, the text editing app Grammarly, the Joule extension for in-browser Lightning transactions, and the Lolli bitcoin-earning extension.

The solution? There is no easy one, Welch says. Developers can only keep building better tools that will make users’ experience safer and better.

“We all need to be discussing these issues more, because we’re not even in the phase yet when real attacks will be taking place.”

Welch added that Casa is planning to publish more security research soon and encouraged bitcoin developers and entrepreneurs to approach the company and share their concerns and ideas on how to address security issues.

Image of Jeremy Welch by Anna Baydakova for CoinDesk

Author: Anna Baydakova

