Be ultra careful with browser extensions or risk being crypto scammed

Image for post
Image for post

Casa CEO Jeremy Welch warned the audience at the Baltic Honeybadger conference in Riga this weekend about the dangers of browser extensions and how they can help scammer steal your crypto.

“Browser extensions impose major risks, and these risks haven’t been discussed until this point,” Welch said. As he pointed out, extensions can gather a wealth of data, which can be leaked, stolen, and used by scammers.

What is a browser extension?

Your browser history is one example. And through it scammers can find your online habits, including your crypto-related site visits

Welch warned, “Make sure you don’t expose your bitcoin addresses anywhere.”

He also explained that some browser extensions capture users KYC information and can leak it to scammers. Welch said the only major multisig system that requires KYC at the moment is the one supplied by Unchained Capital and he warned the audience against the most commonly-used consumer software that gathers identity data.

As an example, Welch demonstrated how an extension providing wallpapers with inspiring quotes or other content was actually stealing data as you filled in KYC forms. And he demonstrated that the software also extracts graphical data, like a photo of your driver’s license, which is captured as a code and then easily decoded, providing an actual picture of your ID document to hackers.

All this happens without the user being aware. Pointing to a pretty wallpaper screen, Welch said, “You’ve got a nice background here and you don’t realize that your browser is actually dumping data.”

Furthermore, The same wallpaper extension can alter a receiving address when you’re trying to send your crypto to somebody else (or to yourself), sending it to a scammer’s wallet instead.

And as Welch also said, this type of browser extension software is very widely used, yet nobody appears to know about the dangers. As he said, “It’s terrifying, right? We all are using browser extensions all the time.”

There is no easy solution, Welch says. Developers can only keep building better tools that will make users’ experience safer and better. So, next time you think about using a new application, remember that no matter how careful you are, there are things happening in the background that are gathering your data. Just don’t give them too much information.

Written by

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store