HomeCryptoBitcoinCrypto Cash Back: a new Chrome extension that steals Bitcoin

Crypto Cash Back: a new Chrome extension that steals Bitcoin

A new Google Chrome extension used to steal bitcoin (BTC) was recently discovered, it is called CryptoCashBack (CCB).

Fortunately, it was properly removed from the Google store.

The extension was interested in stealing crypto, including BTC, ETH, BCH, BNB, LTC, XRP and ETC.

Once installed, CryptoCashBack required the access to several websites and services like Github, Exmo, Coinbase, Binance, HitBTC, LocalBitcoins and other famous exchanges and platforms.

The extension was so powerful that, depending on the website, it was able to steal all the credentials including the 2FA code, thus managing to bypass even the security needed when one wants to withdraw their cryptocurrencies from a wallet or an exchange.

In fact, analyzing the code of the extension, it can be seen that the data (login and password) were saved on the string “localStorage.getItem”, which sent them directly to the website of the hacker without this operation being visible or blocking the hacked website.

The various addresses where the stolen cryptocurrencies were redirected have been traced:

  • BTC – 16EegrNMdZ9Rxku6Za5neEFjMW57wkQr1S
  • ETH – 0x03b70dc31abf9cf6c1cf80bfeeb322e8d3dbb4ca
  • BCH – 1PCh7w6LdcEv1sWd5wtvkELHcWe5HumUi3
  • LTC – LRPChoyN8qLWENjo1dUjk2bESZjE7bQ6sP
  • BNB – 0x03B70DC31abF9cF6C1cf80bfEEB322E8D3DBB4ca
  • XRP – rGmdGrMjvxt6S3VjF4M78U2YMLPR6XLPSN
  • ETC – 0x4F53C9882Ba87d2D7c525dF2aEF2540EFB6e32e5

The damage is for a total of over 23 BTCs accumulated since the launch of the extension on December 3rd.

Both the extension and the website (with the relative addresses of the authors) have been taken offline, so now there is no longer the risk of becoming a victim of the fraud.

Google has also warned the exchanges of the incident to take action.

For those affected, the only way to be safe again is to change all the credentials of your wallets and exchanges.

Alfredo de Candia
Alfredo de Candia
Android developer da oltre 8 anni sul playstore di Google con una decina di app, Alfredo a 21 anni ha scalato il Monte Fuji seguendo il detto "Chi scala il monte Fuji una volta nella vita è un uomo saggio, chi lo scala due volte è un pazzo". Tra le sue app troviamo un dizionario di giapponese, un database di spam e virus, il più completo database sui compleanni di serie Anime e Manga e un database sulle shitcoin. Miner della domenica, Alfredo ha una forte passione per le crypto ed è un fan di EOS.