Google Takes Down Malicious Chrome Extensions that Steal Cryptocurrency Wallet Credentials

Share Article
In Brief
  • Google has shut down malicious chrome extensions that steal crypto wallet credentials.

  • The extensions posed as legitimate crypto wallet apps like Ledger and Trezor

  • Researchers believe these extensions are affiliated with a Russian group

  • promo

    Claim a $200 reward with 3 simple steps — only on Bybit!

The Trust Project is an international consortium of news organizations building standards of transparency.

Google has done a little spring cleaning in its Chrome Web Store leading to the removal of a swath of malicious cryptocurrency-stealing app extensions in a single sweep.



The internet giant has shut down 49 malicious Chrome extensions from the app marketplace. The extensions were found to have been stealing cryptocurrency keys and wallet details from users.

Google Targets Bogus Crypto Wallet Apps

The malicious extensions were discovered by Harry Denley, the Director of Security at the MyCrypto platform. Denley told ZDNet that most of these extensions are camouflaged as legitimate wallet apps. However, they contain malicious code that enables them to steal private keys, mnemonic phrases, and other relevant information.



Denley clarified that some of the prominent wallet apps that these clones mimic include Trevor, KeepKey, Ledger, Exodus, and MyEtherWallet. These fake extensions all work identical to the original apps, but any details that customers enter on the fake extensions are immediately sent to the attackers’ server.

He also added that the extensions appear to have been developed by a cybercrime group which he suspects to be from Russia.

The security executive also pointed out that most of the thefts don’t happen immediately. Per an experiment he carried out, he realized that the hackers don’t actually steal funds as soon as they get the login credentials. He argues that it’s either the attackers haven’t gotten a grasp of how to automate their processes (and as such, is manually accessing each account), or they’re more interested in stealing from high-value targets alone.

Significant Threat to the Safety of the Industry

The threat of fake browser extensions in the crypto space has always been a prominent one. Last month, Ledger warned its users about a fake Chrome extension wreaking havoc and stealing funds.

According to the French cryptocurrency wallet manufacturer, the malicious browser extension was requesting users’ recovery seeds, which would then be used to access their accounts.

The fake extension in question tried to mimic Ledger Live, an extension that allows users to sync their Ledger wallets with a trusted device and approve transactions in Chrome.


All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.
Share Article

Related topics

Based in the United Kingdom, Jimmy is an economic researcher with outstanding hands-on and heads-on experience in Macroeconomic finance analysis, forecasting and planning. He has honed his skills, having worked cross-continental as a finance analyst, which gives him inter-cultural experience. He currently has a strong passion for blockchain regulation and macroeconomic trends as it allows him peek under the global bonnet to see how the world works.

Follow Author

$200 reward waiting for you — Deposit, Trade, Follow and Claim today!


Limited offer! Learn to mine and trade crypto today for free