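A cryptocurrency investor lost $800,000 after falling victim to two malicious Google Chrome extensions. The extensions, named "Sync test beta" and "Simple Game," are believed to have acted as keyloggers, compromising the victim's sensitive information. The incident highlights the importance of keeping Chrome updated and staying alert to suspicious extensions.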
Chrome Extension Attack Siphons $800,000 from Cryptocurrency Investor
A devastating cyberattack has left a cryptocurrency investor reeling after malicious Chrome extensions drained over $800,000 from their digital wallets. The victim, identified only as "Sell When Over" on the social platform X, has sounded the alarm, highlighting the insidious nature of these extensions, which acted as keyloggers.
Discovery of the Breach
The investor initially noticed a $500,000 shortfall in multiple wallet applications, prompting an immediate investigation. They soon realized the full extent of the compromise, amounting to a staggering loss of $800,000. Suspecting a breach in their Google Chrome browser, they delved deeper, uncovering a sinister plot that targeted specific crypto wallet extensions.
Keyloggers Targeting Cryptocurrency Activity
The investor's suspicions were confirmed when they identified two suspicious extensions: "Sync test beta" and "Simple Game." The latter was discovered to be monitoring tab activities and communicating with an external PHP script. The "Sync test BETA" extension was a keylogger that had compromised sensitive information, including wallet seed phrases.
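An added example, not part of the original article or the victim's own tooling: a Python audit of installed extension manifests that flags the capability combination described above (scripts injected into every page, tab monitoring, unrestricted host access). The sample manifests are constructed and the function names are hypothetical.

```python
import json
from pathlib import Path

# Match patterns that cover every site.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Constructed sample manifests (not the real extensions' files).
SAMPLE_SUSPICIOUS = {
    "name": "constructed-example", "manifest_version": 3,
    "permissions": ["tabs", "storage"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}],
}
SAMPLE_BENIGN = {
    "name": "constructed-benign", "manifest_version": 3,
    "permissions": ["storage"],
    "content_scripts": [{"matches": ["https://example.com/*"], "js": ["a.js"]}],
}

def audit_manifest(manifest):
    """Return a list of findings for one parsed manifest.json."""
    findings = []
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    # Manifest V2 lists host patterns in "permissions"; V3 uses "host_permissions".
    hosts = perms | set(manifest.get("host_permissions", []))
    # A script injected into every page can observe what is typed into it.
    for cs in manifest.get("content_scripts", []):
        if BROAD & set(cs.get("matches", [])):
            findings.append("content script on all sites: " + ", ".join(cs.get("js", [])))
    if "tabs" in perms:
        findings.append("can read the URL and title of every tab")
    if BROAD & hosts:
        findings.append("host access to every site")
    return findings

def audit_profile(extensions_dir):
    """Scan <profile>/Extensions/<id>/<version>/manifest.json; map label -> findings."""
    report = {}
    for path in Path(extensions_dir).glob("*/*/manifest.json"):
        manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        findings = audit_manifest(manifest)
        if findings:
            # The name may be a localized "__MSG_...__" key, so include the ID folder.
            report[f"{manifest.get('name', '?')} ({path.parts[-3]})"] = findings
    return report

if __name__ == "__main__":
    for sample in (SAMPLE_SUSPICIOUS, SAMPLE_BENIGN):
        print(sample["name"], audit_manifest(sample))
```

On Windows the default profile's extensions normally live under `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions`; pass that directory to `audit_profile`. A flagged extension is not necessarily malicious, but any unfamiliar one with all three findings deserves review before seed phrases are entered in that browser.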
Circumstances of the Attack
Several weeks prior to the attack, the investor had postponed a Google Chrome update. However, a mandatory Windows update forced a system restart, causing Chrome to relaunch with all tabs gone and extension logins reset. The victim, unaware of the impending danger, re-entered their credentials and manually reimported seed phrases from a separate secure device. Unbeknownst to them, the keylogger had already infiltrated their system, silently siphoning funds in the background.
Missed Red Flags
The victim failed to notice any unusual browser behavior following the restart, with their virus scanner indicating no issues. The subtle nature of the attack, coinciding with a major Chrome update, led them to dismiss the tab reset as a consequence of the software update.
Lessons Learned
The investor has shared their costly experience as a cautionary tale, urging others to remain vigilant against malicious extensions. They emphasized the need for meticulous scrutiny of any anomalies that prompt seed phrase input, advocating for a complete system wipe as a first line of defense.
Ongoing Investigation
The stolen funds have reportedly been transferred to MEXC and Gate.io exchanges. Law enforcement agencies are investigating the incident, determined to track down the perpetrators responsible for this brazen cybertheft.
Importance of Cybersecurity Awareness
This incident underscores the critical importance of cybersecurity awareness and vigilance in the digital age. Investors, particularly those handling significant crypto assets, must prioritize robust security measures to safeguard their funds. Regular software updates, secure password management, and comprehensive virus protection are essential safeguards against malicious actors lurking in the shadows of the internet.