On 4th September, Monero [XMR] announced that the official MEGA chrome extension was compromised, with an update stealing the passwords and cryptocurrency wallet addresses from its users. The latest version of MEGA Chrome extension was hacked, allowing cryptojackers to access saved passwords and usernames from Amazon, GitHub, Google, and Microsoft portals.
The Chrome extension claims to provide a secure cloud storage service that can improve browser performance by reducing loading time. The extension is currently unavailable for download at the Chrome Web Store.
Monero is a privacy coin where the addresses of the sender are hidden along with the amount of transaction which took place. Thus every transaction on the Monero network goes through a secret address which cannot be linked to the first sender.
In spite of Monero’s claims of being private and untraceable, the cryptocurrency has witnessed instances where cryptojackers have secretly mined XMR with the computer power of web visitors.
Riccardo Andsaskiaspagni, also known as fluffypony, the Lead Maintainer of Monero said on Twitter,
“Confirmed that it also extracts private keys if you login to MyMonero and/or MyEtherWallet in a browser with the extension installed.”
MyEtherWallet.com, an open-source cryptocurrency wallet for ERC20 tokens, stated:
SamsungGalaxyPlayer spotted the issue and stated:
“The MEGA Chrome extension source code has not been updates in four months, suggesting that the account responsible with updating the version given to Google was compromised”
Some of the recommendations made in his post on Reddit were to uninstall MEGA Chrome extension immediately and change important passwords. He also suggested that its users transfer funds from those accounts which could have possibly been compromised.
MEGA Chrome extension version 3.39.4 was mainly affected and all the data collected was being sent to one server. This problem was limited to Google Chrome, as the Mozilla Firefox version had not been compromised.
PWPersian commented on Reddit:
“Wow this is huge, I do not personally use MEGA however I am always afraid of extensions going rouge as I check up on updates the least often for them, sending this to everyone I know to make sure they know to change passwords etc.”
Gattacus an enthusiastic Redditor commented:
Subscribe to AMBCrypto’s Newsletter
Co-Founder of Newly Launched ZBX Exchange Speaking at Stockholm Blockchain Forum
Bitcoin.org co-owner calls out Jack Dorsey; predicts CashApp will push censorship
Ethereum [ETH] dApp users drop as EOS and Tron dominate the market
World Blockchain STO Summit: 29 – 30 April 2019, Dubai, UAE
Bitcoin [BTC] and Ethereum [ETH] can be exchanged for Euros or Swiss Francs on MyEtherWallet
Bitcoin [BTC] developer Jimmy Song lists 3 reasons why Bitcoin SV [BSV] is a “scam”
Bitcoin [BTC] among cryptocurrencies enabled by new debit card launched by Australian Crypto exchange
Bitcoin [BTC]: Mt Gox redemption plan demonstrates the power of open source network, says Brock Pierce
Tron’s BitTorrent [BTT] hikes by a whopping 18%; airdrop concludes
Ripple allegedly offering attractive XRP packages as an incentive to prospective hires
- Press Release
A New Generation of Crypto-Exchange: ALL IN ONE Crypto-Exchange
- Bitcoin Cash
Bitcoin Cash [BCH] support rolled out by Coinbase custodial wallet app
Flash Hike: XRP pumps by 10% as most top-10 coins gleam green
Cryptocurrency Adoption: Institutional investors should consider cryptocurrencies, says pension and endowment adviser Cambridge Associates