An Ethereum wallet extension on Chrome has been discovered to steal user data, including login credentials to some popular crypto platforms. Known as Shitcoin Wallet, it keeps track of all the private keys for its users and also injects their computers with malicious code.
The wallet’s irregularities were discovered by Harry Denley, the director of security at MyCrypto, a tool that lets you interact with the blockchain.
⚠️ A browser crypto wallet is injecting malicious JS to steal secrets from @myetherwallet @idexio @binance @neotrackerio @SwitcheoNetwork
Extension-native wallet create also sends secrets to their backend!
Bad guys: erc20wallet[.]tk
ExtensionID: ckkgmccefffnbbalkmbbgebbojjogffn pic.twitter.com/TE2iw5d8Md— {harry,whg}.eth 🦊💙 (@sniko_) December 31, 2019
Shitcoin Wallet was launched last December 9. The team behind the wallet described it as a secure web wallet that comes with several extensions for different browsers. It allows users to store ETH and other ERC-20 tokens as well. Users can install a browser extension or download a desktop application, if they desire added security and privacy.
However, as Denley revealed, this wasn’t all it was doing. The wallet’s extension secretly sends all the private keys to the wallets created on the platform to a third party website. With these private keys, the third party can access the crypto stored on the wallets freely and at will.
The wallet’s extension also injects malicious JavaScript code once its users visit five popular crypto platforms. These are MyEtherWallet, Binance, IDEX, Switcheo and NeoTracker.io. Once the code executes, it gives the malicious party the ability to access and steal login credentials to these sites. This data is also sent to the same website as the private keys.
The Chrome extension has since been taken down. However, it was already installed over 600 times. A few of the users had already noticed something was amiss, with poor reviews on Chrome and complaints on Shitcoin Wallet’s Telegram page.
“It steals your login data and your tokens do not download it is a scam,” says one disgruntled user. Another user on Telegram stated “It is a virus ransomware encrypting your files and ask for money.”
Shitcoin Wallet has yet to come out and clarify its position on the accusations. While it’s possible that it was a scam all along—the name itself is quite suspicious—it’s also possible that a third party compromised the Chrome extension.
New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.
