On 4th September, Monero [XMR] announced that the official MEGA Chrome extension had been compromised, with an update stealing passwords and cryptocurrency wallet addresses from its users. The latest version of the MEGA Chrome extension was hacked, allowing cryptojackers to access saved passwords and usernames from Amazon, GitHub, Google, and Microsoft portals.
The Chrome extension claims to provide a secure cloud storage service that can improve browser performance by reducing loading time. The extension is currently unavailable for download at the Chrome Web Store.
Monero is a privacy coin in which the sender's address is hidden along with the amount of the transaction. Thus, every transaction on the Monero network goes through a secret address which cannot be linked to the first sender.
In spite of Monero’s claims of being private and untraceable, the cryptocurrency has witnessed instances where cryptojackers have secretly mined XMR with the computer power of web visitors.
Riccardo Spagni, also known as fluffypony, the Lead Maintainer of Monero, said on Twitter:
“Confirmed that it also extracts private keys if you login to MyMonero and/or MyEtherWallet in a browser with the extension installed.”
MyEtherWallet.com, an open-source cryptocurrency wallet for ERC20 tokens, stated:
SamsungGalaxyPlayer spotted the issue and stated:
“The MEGA Chrome extension source code has not been updated in four months, suggesting that the account responsible for updating the version given to Google was compromised.”
Some of the recommendations made in his post on Reddit were to uninstall the MEGA Chrome extension immediately and change important passwords. He also suggested that its users transfer funds from those accounts which could have possibly been compromised.
MEGA Chrome extension version 3.39.4 was mainly affected and all the data collected was being sent to one server. This problem was limited to Google Chrome, as the Mozilla Firefox version had not been compromised.
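For readers checking their own machines, the following added example (not part of the original article, nor MEGA's or Chrome's code) scans a Chrome profile's `Extensions` directory for an installed build matching version 3.39.4. Identifying the extension by the display name "MEGA" is an assumption, since the article does not give the extension ID; the sample tree and its IDs are constructed.

```python
import json
import tempfile
from pathlib import Path

AFFECTED_VERSION = "3.39.4"  # version named in the article
NAME_WORD = "mega"           # assumption: identify the extension by display name

def display_name(version_dir: Path, manifest: dict) -> str:
    """Resolve the manifest name, following a __MSG_key__ locale placeholder."""
    name = str(manifest.get("name", ""))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    path = version_dir / "_locales" / manifest.get("default_locale", "en") / "messages.json"
    try:
        messages = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return name  # locale file missing or corrupt: keep the raw placeholder
    found = {k.lower(): v for k, v in messages.items()}.get(name[6:-2].lower(), {})
    return found.get("message", name)

def find_affected(extensions_dir: Path) -> list:
    """Scan Extensions/<id>/<version>_<n>/manifest.json; return (id, name, version) hits."""
    hits = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
            name = display_name(path.parent, manifest)
        except (OSError, ValueError, AttributeError):
            continue  # unreadable or malformed manifest: skip it, keep scanning
        if NAME_WORD in name.lower().split() and manifest.get("version") == AFFECTED_VERSION:
            hits.append((path.parts[-3], name, manifest["version"]))
    return hits

def build_sample(root: Path) -> Path:
    """Constructed sample tree (placeholder ids): affected, other version, other name."""
    for ext_id, manifest, messages in [
        ("a" * 32, {"name": "__MSG_appName__", "version": "3.39.4", "default_locale": "en"},
         {"appname": {"message": "MEGA"}}),
        ("b" * 32, {"name": "MEGA", "version": "9.9.9"}, {}),
        ("c" * 32, {"name": "Omega Notes", "version": "3.39.4"}, {}),
    ]:
        loc = root / ext_id / (manifest["version"] + "_0") / "_locales" / "en"
        loc.mkdir(parents=True)
        (loc / "messages.json").write_text(json.dumps(messages))
        (loc.parents[1] / "manifest.json").write_text(json.dumps(manifest))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(find_affected(build_sample(Path(tmp))))
```

To scan a real installation, pass the `Extensions` directory of the Chrome profile to `find_affected`; a hit means the recommendations above apply to that profile.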
PWPersian commented on Reddit:
“Wow this is huge, I do not personally use MEGA however I am always afraid of extensions going rogue as I check up on updates the least often for them, sending this to everyone I know to make sure they know to change passwords etc.”
Gattacus, an enthusiastic Redditor, commented: