Browser Extensions Can Steal KYC Data, Alter BTC Transactions
- According to Casa CEO Jeremy Welch, Innocent-seeming browser extensions can be used by hackers to steal your data.
Crypto thieves are nothing if not creative. Social engineering, Cryptojacking Cryptojacking Cryptojacking is defined as the unauthorized use of an individual’s computer to mine cryptocurrency. Hackers accomplish this feat by through several means.This includes obtaining access via malicious links in an email that loads crypto mining code on the computer, or by infecting a website or online ad with JavaScript code that auto-executes once loaded in the victim’s browser.Consequently, this crypto mining code is able to work out of sight of unsuspecting victims, often without notice. The on Cryptojacking is defined as the unauthorized use of an individual’s computer to mine cryptocurrency. Hackers accomplish this feat by through several means.This includes obtaining access via malicious links in an email that loads crypto mining code on the computer, or by infecting a website or online ad with JavaScript code that auto-executes once loaded in the victim’s browser.Consequently, this crypto mining code is able to work out of sight of unsuspecting victims, often without notice. The on Read this Term, viruses, phishing, exit scams, honey pots--all of these are an all-too-common part of the cryptocurrency landscape. Now, crypto hackers may have found yet another way to illicitly gain access to your coins: browser extensions.
According to Casa CEO Jeremy Welch, who spoke at the Baltic Honeybadger conference over the weekend, “browser extensions impose major risks, and these risks haven’t been discussed until this point.” Casa is a cryptocurrency custody firm that specializes in building multi-signature solutions for high-volume hodlers.
13 Threats To Your Bitcoin Bitcoin While some may still be wondering what is Bitcoin, who created Bitcoin, or how does Bitcoin work, one thing is certain: Bitcoin has changed the world.No one can remain indifferent to this revolutionary, decentralized, digital asset nor to its blockchain technology.In fact, we’ve gone a long way ever since a Florida resident Laszlo Hanyecz made BTC’s first official commercial transaction with a real company by trading 10,000 Bitcoins for 2 pizzas at his local Papa John’s.One could now argue that While some may still be wondering what is Bitcoin, who created Bitcoin, or how does Bitcoin work, one thing is certain: Bitcoin has changed the world.No one can remain indifferent to this revolutionary, decentralized, digital asset nor to its blockchain technology.In fact, we’ve gone a long way ever since a Florida resident Laszlo Hanyecz made BTC’s first official commercial transaction with a real company by trading 10,000 Bitcoins for 2 pizzas at his local Papa John’s.One could now argue that Read this Term@jeremyrwelch talking through typical risks a bitcoiner is exposed to
+ bonus research on a vulnerability we recently discovered https://t.co/cmAWDth3qP#bh2019 pic.twitter.com/qvYbfpa5Vz — Alena Vranova (@AlenaSatoshi) September 15, 2019
Browser extensions can covertly steal KYC data, alter Bitcoin transactions
Indeed, regardless of your browser settings extensions may have the ability to “spy” on you and gather a wealth of personal data--data that can be accessed and used by malicious forces. For example, scammers who gain access to browser history may use it to target internet users who frequent online cryptocurrency exchanges or access their cryptocurrency wallets through the web.
Browser extensions can also be used to gather KYC information: name, birthdate, address, even social security numbers. Welch specifically mentioned that this data could be used to access multi-signature wallets supplied by US-based custody service Unchained Capital, which asks for KYC information. Finance Magnates reached out to Unchained Capital, but the company had not responded at press time.
CoinDesk reported that Welch then demonstrated how an extension that had the expressed purpose of providing wallpapers with inspiring quotes would identify and steal personal data as internet users filled in KYC forms: “the malware stole graphical data, like a photo of your driver’s license, which is captured as a code and then easily decoded, providing an actual picture of your ID document to hackers.
The same wallpaper extension was also capable of altering receiving cryptocurrency addresses for Bitcoin wallets so that transactions sent through online wallets would be received by hackers.
Welch said that there’s no easy solution to this particular problem, but that it’s something that developers need to be aware of “we all need to be discussing this issues more, because we’re not even in the phase yet when real attacks will be taking place.”
Finance Magnates interviewed Casa's head of strategy, Alena Vranova, earlier this year. To hear that interview, click here.
Crypto thieves are nothing if not creative. Social engineering, Cryptojacking Cryptojacking Cryptojacking is defined as the unauthorized use of an individual’s computer to mine cryptocurrency. Hackers accomplish this feat by through several means.This includes obtaining access via malicious links in an email that loads crypto mining code on the computer, or by infecting a website or online ad with JavaScript code that auto-executes once loaded in the victim’s browser.Consequently, this crypto mining code is able to work out of sight of unsuspecting victims, often without notice. The on Cryptojacking is defined as the unauthorized use of an individual’s computer to mine cryptocurrency. Hackers accomplish this feat by through several means.This includes obtaining access via malicious links in an email that loads crypto mining code on the computer, or by infecting a website or online ad with JavaScript code that auto-executes once loaded in the victim’s browser.Consequently, this crypto mining code is able to work out of sight of unsuspecting victims, often without notice. The on Read this Term, viruses, phishing, exit scams, honey pots--all of these are an all-too-common part of the cryptocurrency landscape. Now, crypto hackers may have found yet another way to illicitly gain access to your coins: browser extensions.
According to Casa CEO Jeremy Welch, who spoke at the Baltic Honeybadger conference over the weekend, “browser extensions impose major risks, and these risks haven’t been discussed until this point.” Casa is a cryptocurrency custody firm that specializes in building multi-signature solutions for high-volume hodlers.
13 Threats To Your Bitcoin Bitcoin While some may still be wondering what is Bitcoin, who created Bitcoin, or how does Bitcoin work, one thing is certain: Bitcoin has changed the world.No one can remain indifferent to this revolutionary, decentralized, digital asset nor to its blockchain technology.In fact, we’ve gone a long way ever since a Florida resident Laszlo Hanyecz made BTC’s first official commercial transaction with a real company by trading 10,000 Bitcoins for 2 pizzas at his local Papa John’s.One could now argue that While some may still be wondering what is Bitcoin, who created Bitcoin, or how does Bitcoin work, one thing is certain: Bitcoin has changed the world.No one can remain indifferent to this revolutionary, decentralized, digital asset nor to its blockchain technology.In fact, we’ve gone a long way ever since a Florida resident Laszlo Hanyecz made BTC’s first official commercial transaction with a real company by trading 10,000 Bitcoins for 2 pizzas at his local Papa John’s.One could now argue that Read this Term@jeremyrwelch talking through typical risks a bitcoiner is exposed to
+ bonus research on a vulnerability we recently discovered https://t.co/cmAWDth3qP#bh2019 pic.twitter.com/qvYbfpa5Vz — Alena Vranova (@AlenaSatoshi) September 15, 2019
Browser extensions can covertly steal KYC data, alter Bitcoin transactions
Indeed, regardless of your browser settings extensions may have the ability to “spy” on you and gather a wealth of personal data--data that can be accessed and used by malicious forces. For example, scammers who gain access to browser history may use it to target internet users who frequent online cryptocurrency exchanges or access their cryptocurrency wallets through the web.
Browser extensions can also be used to gather KYC information: name, birthdate, address, even social security numbers. Welch specifically mentioned that this data could be used to access multi-signature wallets supplied by US-based custody service Unchained Capital, which asks for KYC information. Finance Magnates reached out to Unchained Capital, but the company had not responded at press time.
CoinDesk reported that Welch then demonstrated how an extension that had the expressed purpose of providing wallpapers with inspiring quotes would identify and steal personal data as internet users filled in KYC forms: “the malware stole graphical data, like a photo of your driver’s license, which is captured as a code and then easily decoded, providing an actual picture of your ID document to hackers.
The same wallpaper extension was also capable of altering receiving cryptocurrency addresses for Bitcoin wallets so that transactions sent through online wallets would be received by hackers.
Welch said that there’s no easy solution to this particular problem, but that it’s something that developers need to be aware of “we all need to be discussing this issues more, because we’re not even in the phase yet when real attacks will be taking place.”
Finance Magnates interviewed Casa's head of strategy, Alena Vranova, earlier this year. To hear that interview, click here.