Warning to users of browser extensions from the Chrome Web Store: An Ethereum wallet can steal your private keys without you even noticing.
An Ethereum wallet to avoid on the Chrome Web Store
The analysis site Socket reported the news this week. It highlighted a browser extension that appears secure: Safery. It is an Ethereum wallet that describes itself as “a reliable and secure browser extension” for managing assets linked to this blockchain.
Released a year ago, this extension contains a backdoor that captures users’ recovery phrases:
“[Safery] contains a backdoor that exfiltrates seed phrases by encoding them into Sui addresses and broadcasting microtransactions from a Sui wallet controlled by a malicious actor.”
At the time of writing, Safery is still ranked 4th when searching for “Ethereum wallet” on the Chrome Web Store:

The malicious Safery wallet, to be avoided on the Chrome Web Store
A seemingly standard wallet
This extension is dangerous because it appears to do exactly what it’s supposed to do. According to Socket’s report, Safery does indeed allow users to create accounts, import addresses, view recent activity, and send ETH. A user could therefore use it without realizing the danger.
According to the analysis, this scam method is effective and inexpensive for malicious actors to implement, so we should expect it to be reused:
“This technique allows attackers to switch blockchains and RPC endpoints with very little effort, making it difficult for detection methods relying on specific domains, URLs, or extension identifiers to catch them.”
Browser extensions should generally be treated with caution, and this is especially true when entrusting them with your funds. When in doubt, we recommend using a reputable extension and treating any security promises with skepticism.
This is also a good opportunity to remind readers that keeping cryptocurrencies in a “hot” wallet can be dangerous. It is advisable to store the majority of your assets in a cold wallet and to transfer only what you need to a hot wallet.