On 4th September, Monero [XMR] announced that the official MEGA chrome extension was compromised, with an update stealing the passwords and cryptocurrency wallet addresses from its users. The latest version of MEGA Chrome extension was hacked, allowing cryptojackers to access saved passwords and usernames from Amazon, GitHub, Google, and Microsoft portals.
The Chrome extension claims to provide a secure cloud storage service that can improve browser performance by reducing loading time. The extension is currently unavailable for download at the Chrome Web Store.
Monero is a privacy coin where the addresses of the sender are hidden along with the amount of transaction which took place. Thus every transaction on the Monero network goes through a secret address which cannot be linked to the first sender.
In spite of Monero’s claims of being private and untraceable, the cryptocurrency has witnessed instances where cryptojackers have secretly mined XMR with the computer power of web visitors.
Riccardo Andsaskiaspagni, also known as fluffypony, the Lead Maintainer of Monero said on Twitter,
“Confirmed that it also extracts private keys if you login to MyMonero and/or MyEtherWallet in a browser with the extension installed.”
MyEtherWallet.com, an open-source cryptocurrency wallet for ERC20 tokens, stated:
SamsungGalaxyPlayer spotted the issue and stated:
“The MEGA Chrome extension source code has not been updates in four months, suggesting that the account responsible with updating the version given to Google was compromised”
Some of the recommendations made in his post on Reddit were to uninstall MEGA Chrome extension immediately and change important passwords. He also suggested that its users transfer funds from those accounts which could have possibly been compromised.
MEGA Chrome extension version 3.39.4 was mainly affected and all the data collected was being sent to one server. This problem was limited to Google Chrome, as the Mozilla Firefox version had not been compromised.
PWPersian commented on Reddit:
“Wow this is huge, I do not personally use MEGA however I am always afraid of extensions going rouge as I check up on updates the least often for them, sending this to everyone I know to make sure they know to change passwords etc.”
Gattacus an enthusiastic Redditor commented:
Subscribe to AMBCrypto’s Newsletter
Ripple official claims that in time banks will adopt cryptocurrencies but before that it will be small companies
Ripple to lay xCurrent base in India? Industry player talks about partnership
Litecoin [LTC/USD] Technical Analysis: Bear’s hunger for bulls reflected in price trend
Winklevoss Twins launch new app; say they are “at home” with the crypto-winter
Ethereum’s [ETH] Vitalik Buterin talks about non-financial applications of blockchain in a tweetstorm
BREAKING: Ripple class-action lawsuit rolls ahead; plaintiffs place new demand
XRP to $589 proponent and rumored Ripple insider Bearableguy123 resurfaces: Can 1635x growth occur in 28 days?
Bitcoin [BTC] futures on Nasdaq confirmed by company executive; to be launched in first half of 2019
Ripple CEO responds to NYSE Chairman’s comment on digital assets
XRP twitter army blocked by Dogecoin [DOGE] creator after facing backlash to his comment on Ripple
XRP ecosystem blooms as the year ends; Ripple, r3 leave animosity behind and more
Bitcoin Cash [BCH] ABC to be delisted from all exchanges, says Bitcoin SV [BSV]’s Calvin Ayre
Cardano [ADA] creates record by becoming 4th biggest loser in terms of trading price against all-time high
Tron [TRX]’s weekly report: New multi-signature wallet underway, Accelerator program gains momentum