Connect with us

Altcoins

Monero [XMR] wallets compromised as hackers target MEGA Chrome extension

Ajay Narayan

Published

on

Monero [XMR] wallets compromised as hackers target MEGA Chrome extension
Source: Unsplash

On 4th September, Monero [XMR] announced that the official MEGA chrome extension was compromised, with an update stealing the passwords and cryptocurrency wallet addresses from its users. The latest version of MEGA Chrome extension was hacked, allowing cryptojackers to access saved passwords and usernames from Amazon, GitHub, Google, and Microsoft portals.

Latest version of MEGA Chrome extension was hacked | Source: Twitter

The Chrome extension claims to provide a secure cloud storage service that can improve browser performance by reducing loading time. The extension is currently unavailable for download at the Chrome Web Store.

Monero is a privacy coin where the addresses of the sender are hidden along with the amount of transaction which took place. Thus every transaction on the Monero network goes through a secret address which cannot be linked to the first sender.

In spite of Monero’s claims of being private and untraceable, the cryptocurrency has witnessed instances where cryptojackers have secretly mined XMR with the computer power of web visitors.

Riccardo Andsaskiaspagni, also known as fluffypony, the Lead Maintainer of Monero said on Twitter,

“Confirmed that it also extracts private keys if you login to MyMonero and/or MyEtherWallet in a browser with the extension installed.”

MyEtherWallet.com, an open-source cryptocurrency wallet for ERC20 tokens, stated:

Latest version of MEGA Chrome extension was hacked | Source: Twitter

SamsungGalaxyPlayer spotted the issue and stated:

“The MEGA Chrome extension source code has not been updates in four months, suggesting that the account responsible with updating the version given to Google was compromised”

Some of the recommendations made in his post on Reddit were to uninstall MEGA Chrome extension immediately and change important passwords. He also suggested that its users transfer funds from those accounts which could have possibly been compromised.

MEGA Chrome extension version 3.39.4 was mainly affected and all the data collected was being sent to one server. This problem was limited to Google Chrome, as the Mozilla Firefox version had not been compromised.



PWPersian commented on Reddit:

“Wow this is huge, I do not personally use MEGA however I am always afraid of extensions going rouge as I check up on updates the least often for them, sending this to everyone I know to make sure they know to change passwords etc.”

Gattacus an enthusiastic Redditor commented:

“There was an update to the extension and Chrome asked for new permission (read data on all websites). That made me suspicious and I checked the extension code locally (which is mostly javascript anyways). MEGA also has the source code of the extension on github https://github.com/meganz/chrome-extension There was no commit recently. To me it looks either their Google Webstore account was hacked or someone inside MEGA did this. pure speculation though”





Subscribe to AMBCrypto’s Newsletter




Follow us on Telegram | Twitter | Facebook



Ajay Narayan is a full-time journalist at AMBCrypto. He has majored in Economics, Political Science and Sociology. His interests are inclined towards writing and investing in cryptocurrencies.

Bitcoin

John McAfee says he will reveal Nakamoto’s identity, Coinbase expands to 11 countries, and more

Priya

Published

on

By

John McAfee says he will reveal Nakamoto's identity, Coinbase expands to 11 countries, and more
Source: Unsplash

Daily Crypto News – April 18

1. John McAfee on Satoshi Nakamoto: The Founder of McAfee Associates stated that he would narrow down on the identity of Satoshi Nakamoto until he reveals Satoshi himself, otherwise he would reveal his identity to the crypto community. He also spoke about how he knows about Satoshi, to read about it, click here!

2. Coinbase expands its services to more countries: The leading exchange platform announced that it expanding its services to 11 more countries, which includes India, South Korea, and New Zealand. People in these countries can avail services provided on Coinbase.com, Coinbase Pro and its app on iOS and Android.

To know more about the countries Coinbase has expanded to, click here!

3. Craig Wright says the crypto-community want to silence him: Craig Wright, the self-proclaimed Satoshi Nakamoto, stated that the majority of the community was against him as they “desire to silence” him because they see someone who would bring an end to scams and pumps and dumps.

He also spoke about the next steps he would be taking in terms of the legal action concerning his defamation case. To read about it, click here!



4. Binance “marks the birth of a new genesis block”: The largest cryptocurrency exchange in terms of trade volume announced the launch of its Decentralized Exchange, and also stated that the mainnet swap would take place on 23 April 2019.

To read more about Binance DEX, click here!





Subscribe to AMBCrypto’s Newsletter


Continue Reading

Trending