Market

The fake SafePal wallet add-on in Firefox “rips off” users’ cryptocurrencies

As reported by Bleeping Computer, dozens of Firefox users have fallen victim to an add-on masquerading as a valid extension of the SafePal cryptocurrency hardware wallet.

One of the victims, named Cali, was shocked to find that all of the money had gone into the pockets of the scammers:

“I’m in shock … I looked at my recent transactions and found that $ 4,000 of my money had been transferred to another wallet. I can’t believe it’s an add-on implemented in Mozilla Firefox’s add-on list. “

It is not clear how many Firefox users were affected after downloading the malicious extension. It has been active since mid-February before it was recently removed.

A spate of negative reviews from disgruntled users should have been a red flag.

Source: Beeping Computer

While investigating the malicious Firefox add-on, Bleeping Computer discovered the phishing domain used by this add-on. This site, https://safeuslife.com/tool/, is also listed on the fake add-on homepage as a link to the “Support Site”.

Whois records show that the phishing site was registered through Namecheap in January of this year. At the time of writing, the website is still active and instructing victims to enter a “recovery phrase to pair your SafePal Wallet”.

Source: Beeping Computer

But when the recovery phrase is entered and the form submitted, the page simply refreshes with no apparent response. The recovery phrase is silently sent to the attacker.

Stolen recovery phrases could give attackers control of wallets and the ability to access and transfer funds.

The user is tricked into claiming that the police are unable to track down the hacker.

Hacks and scams are still prevalent in the crypto industry. According to the report by Bitcoin magazine, Bitcoin.org, the first Bitcoin website registered by Satoshi Nakamoto, was hacked 4 days ago.

With the increasing presence of malicious actors on online platforms, users should be careful when specifying security phrases or transferring cryptocurrencies online.

Join Bitcoin Magazine Telegram to keep track of news and comment on this article: https://t.me/coincunews

Annie

According to U.today

Follow the Youtube Channel | Subscribe to telegram channel | Follow the Facebook page

But when the recovery phrase is entered and the form submitted, the page simply refreshes with no apparent response. The recovery phrase is silently sent to the attacker. Stolen recovery phrases could give attackers control of wallets and the ability to access and transfer funds. The user is tricked into claiming that the police are unable to track down the hacker. Hacks and scams are still prevalent in the crypto industry. According to the report by Bitcoin magazine, Bitcoin.org, the first Bitcoin website registered by Satoshi Nakamoto, was hacked 4 days ago. With the increasing presence of malicious actors on online platforms, users should be careful when specifying security phrases or transferring cryptocurrencies online. But when the recovery phrase is entered and the form submitted, the page simply refreshes with no apparent response. The recovery phrase is silently sent to the attacker. Stolen recovery phrases could give attackers control of wallets and the ability to access and transfer funds. The user is tricked into claiming that the police are unable to track down the hacker. Hacks and scams are still prevalent in the crypto industry. According to the report by Bitcoin magazine, Bitcoin.org, the first Bitcoin website registered by Satoshi Nakamoto, was hacked 4 days ago. With the increasing presence of malicious actors on online platforms, users should be careful when specifying security phrases or transferring cryptocurrencies online. With the increasing presence of malicious actors on online platforms, users should be careful when specifying security phrases or transferring cryptocurrencies online.

o the report by Bitcoin magazine, Bitcoin.org, the first Bitcoin website registered by Satoshi Nakamoto, was hacked 4 days ago. With the increasing presence of malicious actors on online platforms, users should be careful when specifying security phrases or transferring cryptocurrencies online. With the increasing presence of malicious actors on online platforms, users should be careful when specifying security phrases or transferring cryptocurrencies online.

Annie

Championing positive change through finance, I've dedicated over eight years to sustainability and environmental journalism. My passion lies in uncovering companies that make a real difference in the world and guiding investors towards them. My expertise lies in navigating the world of sustainable investing, analyzing ESG (Environmental, Social, and Governance) criteria, and exploring the exciting field of impact investing. "Invest in a better future," I often say. That's the driving force behind my work at Coincu – to empower readers with knowledge and insights to make investment decisions that create a positive impact.