Scammers are using browser extensions – from text editing apps to wallpaper – to steal your Bitcoin, according to Casa CEO Jeremy Welch.
Speaking to an audience at the Baltic Honeybadger conference in Riga this weekend, Welch focused on the hazards involved in everyday internet activities and online transactions that can leave a trail of valuable data in the hands of criminals.
He also talked about the rise in physical attacks on Bitcoin holders who are at risk since such attacks, if concluded, make it hard for victims to retrieve their stolen Bitcoin due to the irreversible nature of the blockchain.
In a slide show presentation, Welch lists 13 ways bad actors can hijack your crypto.
He also illustrates a number of scenarios – from rogue employees to SIM card hijacking to comprised KYC data – demonstrating why Bitcoin and crypto investors need to stay vigilant.
According to Welch,
“Browser extensions pose major risks and it’s especially for web apps. We think the risks around browser extensions are being under-discussed at this point and we want to raise that discussion a little bit. How major are these risks?”
The demos in his presentation show how easily data can be dumped from extensions into nefarious hands that can ultimately lead to loss of funds. The data dump can include a string of Bitcoin addresses from searches to Blockchain.info, among other websites.
“People don’t think that much about – all my browsing history is in my browser – but it can be piped out into an external server.”
“We all need to be discussing these issues more, because we’re not even in the phase yet when real attacks will be taking place.”