An Ethereum wallet extension on Chrome has been discovered to steal user data, including login credentials to some popular crypto platforms. Known as Shitcoin Wallet, it keeps track of all the private keys for its users and also injects their computers with malicious code.
The wallet’s irregularities were discovered by Harry Denley, the director of security at MyCrypto, a tool that lets you interact with the blockchain.
Extension-native wallet create also sends secrets to their backend!
Bad guys: erc20wallet[.]tk
ExtensionID: ckkgmccefffnbbalkmbbgebbojjogffn pic.twitter.com/TE2iw5d8Md
— harry.eth 🦊💙 (whg.eth) (@sniko_) December 31, 2019
Shitcoin Wallet was launched last December 9. The team behind the wallet described it as a secure web wallet that comes with several extensions for different browsers. It allows users to store ETH and other ERC-20 tokens as well. Users can install a browser extension or download a desktop application, if they desire added security and privacy.
However, as Denley revealed, this wasn’t all it was doing. The wallet’s extension secretly sends all the private keys to the wallets created on the platform to a third party website. With these private keys, the third party can access the crypto stored on the wallets freely and at will.
The Chrome extension has since been taken down. However, it was already installed over 600 times. A few of the users had already noticed something was amiss, with poor reviews on Chrome and complaints on Shitcoin Wallet’s Telegram page.
“It steals your login data and your tokens do not download it is a scam,” says one disgruntled user. Another user on Telegram stated “It is a virus ransomware encrypting your files and ask for money.”
Shitcoin Wallet has yet to come out and clarify its position on the accusations. While it’s possible that it was a scam all along—the name itself is quite suspicious—it’s also possible that a third party compromised the Chrome extension.
New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.