🚨 A compromised version of the Chrome-based proxy extension SwitchyOmega has been stealing private keys from crypto wallets, putting over 500,000 users at risk, analysts at #SlowMist warn. #Crypto #CoinectraX #Security #Chrome |   www.coinectrax.com/news

The breach started when a phishing email targeted a Cyberhaven employee, an AI-powered data security company, resulting in the injection of harmful code into the extension. The phishing email falsely claimed that Cyberhaven’s browser extension violated Google‘s policies and threatened removal unless immediate action was taken, a March 12 research report shows.

SlowMist explained that the attacker used OAuth to access the Cyberhaven account, enabling them to upload the compromised extension version (24.10.4). As the extension was updated, users unknowingly installed the malicious code.

The malicious version of the extension appears to have been capable of stealing sensitive data, including private keys and mnemonic phrases from crypto wallets. It remains unclear though how many of the 500,000 affected users were exposed to the exploit. Analysts at SlowMist have advised users to check the installed extension IDs to ensure they match the official version.

Attacks on crypto traders through browser extensions aren’t anything new as bad actors have been trying to exploit them for a while now.