Users of browser extensions from the Chrome Web Store should beware. An Ethereum wallet can steal your security keys without your knowledge.
An Ethereum wallet to avoid on the Chrome Web Store
The analysis site Socket reported the news this week. It highlighted a seemingly secure browser extension: Safery. This is an Ethereum wallet, which describes itself as “a reliable and secure browser extension” for managing assets linked to this blockchain.
Released a year ago, this extension contains a backdoor that allows users’ recovery phrases to be captured:
[Safery] contains a backdoor that exfiltrates seed phrases by encoding them into Sui addresses and broadcasting microtransactions from a Sui wallet controlled by a malicious actor.
At the time of writing, Safery is still ranked 4th when searching for “Ethereum wallet” on the Chrome Web Store:
A seemingly normal wallet
This extension is dangerous because it appears to do what it is supposed to do. According to Socket’s report, Safery allows users to create accounts, import addresses, view recent activity, and send ETH. Users can therefore use it without realizing the danger.
According to the analysis, this scam method is effective and inexpensive for malicious actors to implement, so it is likely to be used again:
This technique allows malicious actors to change blockchains and RPC access points with very little effort, making it difficult to detect based on specific domains, URLs, or extension identifiers.
Browser extensions should generally be treated with caution, and this is especially true when entrusting them with your funds. When in doubt, we recommend using a recognized extension and treating any security promises with suspicion.
This is also an opportunity to remind users that keeping cryptocurrencies in a “hot” wallet can be dangerous. It is advisable to use a cold wallet to store the majority of your assets, transferring only what you need.
