MEGA Chrome extension, a tool that reduces page loading times and provides cloud storage services has been compromised, according to recent reports. The official Twitter account of the anonymous Monero (XMR) digital currency has warned its users to avoid using the extension, as doing so would put their tokens in danger of being stolen.
PSA: The official MEGA extension has been compromised and now includes functionality to steal your Monero: https://t.co/vzWwcM9E5k
— Monero || #xmr (@monero) September 4, 2018
Other members of crypto Twitter were soon to follow with their own reports, as not only tokens but other sensitive information, such as usernames and passwords was at risk for those who were unfortunate enough to update their MEGA Chrome extension.
!!! WARNING !!!!!!! PLEASE PAY ATTENTION!!
LATEST VERSION OF MEGA CHROME EXTENSION WAS HACKED.
Version: 3.39.4
It catches your username and password from Amazon, GitHub, Google, Microsoft portals!! It could catch #mega #extension #hacked@x0rz pic.twitter.com/TnPalqj1cz
— SerHack (@serhack_) September 4, 2018
The 3.39.4 version of the extension was the one breached by hackers and a notable Monero developer confirmed these claims, warning his followers that both XMR and ETH private keys could be stolen with the updated software.
Confirmed that it also extracts private keys if you login to MyMonero and/or MyEtherWallet in a browser with the extension installed. https://t.co/fpVK11zZ9Z
— Riccardo Spagni (@fluffypony) September 4, 2018
** MEWS ALERT **
We're getting reports that the latest version of the MEGA Chrome Extension was hacked.
We suggest you uninstall it immediately, for your own safety! 👆🏾🧐 https://t.co/Z5Kh7aDSXd
— MyEtherWallet | MEW (@myetherwallet) September 4, 2018
MEGA was pretty fast to react, implementing a fix (version 3.39.5) four hours after the breach was first reported. The company placed some of the blame on Google in the official blog post, saying that, “We would like to apologize for this significant incident. MEGA uses strict release procedures with multi-party code review, robust build workflow and cryptographic signatures where possible. Unfortunately, Google decided to disallow publisher signatures on Chrome extensions and is now relying solely on signing them automatically after upload to the Chrome webstore, which removes an important barrier to external compromise.“
The MEGA team also confirmed it was looking into the incident and trying to determine those behind the attack.
According to one Reddit user, he became wary after updating the software, after a request for new permission. u/gattacus went into more detail before saying that, “To me it looks either their Google Webstore account was hacked or someone inside MEGA did this. Pure speculation though.“
The extension is unavailable in the Chrome Store at press time and has been temporarily disabled for users who have already installed it.
This is not the first time of hackers turning to browser extensions to illicitly obtain virtual currencies. A Chrome extension of the popular VPN service Hola was hacked a couple of months ago. Users, who updated their VPN service during the five hours of vulnerability, exposed their MyEtherWallet information and activity after being redirected to a fake website by the hackers. Last year, a group of Russian hackers infected over 9,000 computers with crypto mining malware. Unsuspecting users mined XMR, Zcash and a number of other privacy-oriented tokens.
Image Source: “Flickr”
I have been following the crypto markets since mid 2017, just in time to witness the incredible surge of the digital asset industry. Fascinated by the potential of blockchain technology I’ve started to dig deeper and that’s how I ended up meeting the Toshi Times team. I hold a Political Science degree, therefore the crypto regulation development is particularly interesting for me. I’m also heavily involved with music, running my own label, a YouTube channel and working with distribution. People call blockchain the ‘Fourth Industrial Revolution’ and I believe it will change our daily lives in the coming years and we will have the front row seats to witness it.