Chuyển đến nội dung chính

Beware of “Safery: Ethereum Wallet” Chrome Extension — How It Secretly Hijacks Your Seed Phrase

 In a troubling development for the cryptocurrency community, security researchers at Socket Security (often referred to simply as “Socket”) have uncovered a malicious browser extension on the Google Chrome Web Store called “Safery: Ethereum Wallet”, which masquerades as a legitimate Ethereum‑wallet utility but is designed to steal users’ seed phrases and grant attackers full access to the victims’ assets.



What’s going on?

  1. The extension promises to be a “trusted and secure utility for managing Ethereum assets easily and efficiently.”

  2. In reality, upon installation, the extension contains a sophisticated backdoor. When a user either creates a new wallet or imports an existing one via their seed phrase (i.e., the BIP‑39 mnemonic), the extension triggers tiny microtransactions on the Sui blockchain to send encrypted versions of the seed phrase to attacker‑controlled addresses.

  3. Specifically, Socket’s analysis shows that when a seed is entered, the extension encodes the mnemonic into synthetic Sui addresses, then sends tiny amounts of SUI (e.g., 0.000001 SUI) from these addresses. By tracing the on‑chain data and decoding the seed fragments, attackers can reconstruct the full mnemonic and drain the compromised wallet.

  4. Alarmingly, the extension was ranked fourth in search results for “Ethereum Wallet” in the Chrome‑Web‑Store, appearing right behind well‑known legitimate wallets such as MetaMask, Wombat Wallet and Enkrypt — thereby having a high likelihood of being picked by unsuspecting users.

Why this is dangerous

  • A seed phrase (or “mnemonic phrase”) is the ultimate key to a cryptocurrency wallet: whoever has it controls the funds.

  • Because the attacker obtains the seed before any large balance might be deposited (or immediately after import), they obtain full access and can drain funds at will.

  • The microtransaction approach is clever — the individual transactions may appear innocuous and easily overlooked by users, yet they encode and transmit the stolen data.

  • Because the extension impersonates a normal wallet extension, users may not suspect wrongdoing until it’s too late.

Key red‑flags that users should watch

  • An extension with a generic or poor branding/name that tries to masquerade as a major wallet but lacks credible identity. (In this case, “Safery: Ethereum Wallet” had minimal reviews and a weak developer profile.)

  • Absence of an official website, weak or non‑existent support, and only generic contact info (e.g., Gmail addresses).

  • Grammar/spelling errors, or generic marketing language like “trusted and secure” without verifiable audits or credible developer credentials.

  • Presence of unexpected on‑chain microtransactions taking place shortly after wallet creation or import, especially on blockchains you didn’t knowingly use (e.g., Sui).

  • Being easily discoverable (high ranking/popularity) yet lacking traction or visibility among well‑known crypto‑wallet communities or reviews.

Action steps & how to protect yourself

  • If you ever installed “Safery: Ethereum Wallet” (or any extension with suspicious signs), immediately remove it from Chrome and any other browsers.

  • If you used it to create a wallet or import an existing wallet seed phrase, treat that wallet as now compromised. Transfer the funds immediately (if any remain) to a new wallet whose seed phrase you generated offline and securely.

  • Always prefer wallets with strong reputations, open‑source code (if possible), and community audits. Check the developer’s identity, website, GitHub repository, user reviews and trusted third‑party assessments.

  • Be extremely careful when entering or importing a seed phrase: only ever do so when you know the wallet/extension/vendor is legitimate.

  • Monitor your wallets for any unexpected transactions — even very small or odd ones may be signs of malicious activity.

  • Keep your browser and extensions updated, and periodically review your installed extensions and remove any you no longer use or don’t trust.

Final thoughts

The discovery of “Safery: Ethereum Wallet” underscores a fundamental truth of the crypto‑ecosystem: convenience tools (browser extensions, wallet apps, plugins) can often become vectors for sophisticated attacks when built or deployed maliciously. Even smart users can fall victim if they stop exercising caution.

In this case, the attackers executed a multi‑layer strategy: craft a superficially credible wallet extension, rank it highly in the store, wait for users who don’t do full due‑diligence, embed a backdoor that transmits mnemonics via seemingly innocuous micro‑transactions on an unlikely blockchain — and strike. It’s a stark reminder that every wallet, every seed phrase, every extension must be treated as high‑security.

Stay alert. When in doubt, generate a new wallet and transfer your assets to it. And always preserve your seed phrase offline in cold storage, never input it into an extension or tool whose trustworthiness you’ve not fully verified.

Ready to start your cryptocurrency journey?

If you’re interested in exploring the world of crypto trading, here are some trusted platforms where you can create an account:

  • Binance – The world’s largest cryptocurrency exchange by volume.
  • Bybit – A top choice for derivatives trading with an intuitive interface.
  • OKX – A comprehensive platform featuring spot, futures, DeFi, and a powerful Web3 wallet.
  • KuCoin – Known for its vast selection of altcoins and user-friendly mobile app.

These platforms offer innovative features and a secure environment for trading and learning about cryptocurrencies. Join today and start exploring the opportunities in this exciting space!
 Want to stay updated with the latest insights and discussions on cryptocurrency?
Join our crypto community for news, discussions, and market updates: CryptoBCC on Youtube | Telegram | Facebook | Discord |  X(Twitter)
 For collaborations and inquiries: CryptoBCC.com@gmail.com
Disclaimer: This is not investment advice. Cryptocurrency investments carry high risk. Always conduct your own research.

Labels:

Nhận xét

Đăng nhận xét

Bài đăng phổ biến từ blog này

Solana’s Moment: Are Investors Sleeping on the Spike in RWA & the Launch of SOL ETFs?

 The crypto market may be approaching a pivotal turning point. While price action often lags behind key structural developments, the gap between fundamentals and market valuation is narrowing — and the spotlight is shining on Solana (SOL). According to recent commentary, Solana could serve as a bellwether for whether prices are about to realign with underlying network strength.  Macro pressures & divergence At the macro level, institutional demand is visibly cooling. For example, MicroStrategy subsidiary Strategy (ticker: MSTR) completed 21 bitcoin purchases in Q2–Q3, contributing to a 36 % rally in BTC. But in Q4, the company’s stock plunged nearly 50 %, signaling that institutional capital into Bitcoin (BTC) is losing momentum.  Solana hasn’t escaped the broader weakness: SOL dropped roughly 40% in the latest quarter — roughly double BTC’s decline.  Yet the divergence arises here: on‑chain activity in the Solana ecosystem is heating up even as price lags....
Đăng nhận xét
Read more »

Zcash’s Meteoric Rise: Surging Over 1,000% This Year — Is the Current Dip a Buying Opportunity or a Reversal?

 The privacy‑coin giant Zcash (ZEC) has grabbed the spotlight in the crypto arena by achieving a phenomenal growth of over 1,000% since the beginning of the year. Yet behind this impressive rally lies a recent sharp correction, raising the crucial question: Is this a healthy consolidation stage led by savvy accumulation or a warning signal of a trend reversal? Explosive Gains and Market Context Zcash, known for its privacy‑focused blockchain architecture, has stood out amongst altcoins by posting a massive year‑to‑date increase. This gain comes in an environment where the broader crypto market is under pressure — total market capitalization falling below the US $2.9 trillion mark, showcasing that even strong performers are subject to macro headwinds.  Such a dramatic rally typically draws increased attention from investors, traders and analysts alike, raising both excitement over potential further upside and caution about sustainability. Accumulation Signals: Surprising St...
Đăng nhận xét
Read more »

Unlocking Real‑World Use: MiniPay Enables Stablecoin Spending in Argentina & Brazil

 In a major step toward making crypto more practical for everyday use, Opera’s MiniPay wallet has introduced a groundbreaking feature that allows users in Argentina and Brazil to directly spend their stablecoins — particularly USDT — through local payment systems. What’s New: “Pay Like a Local” The key innovation is MiniPay’s “Pay like a local” function, which links a user’s USDT balance to two widely used payment infrastructures in Latin America: PIX in Brazil Mercado Pago in Argentina  With this integration, MiniPay users can simply scan a QR code at a merchant and pay using their stablecoin wallet. Behind the scenes, USDT is instantly converted into the local currency (Brazilian Real or Argentine Peso) so that merchants receive fiat — no crypto exposure on their end.  Why It Matters This update bridges a fundamental gap between crypto and real-world payments: Practical Utility : Instead of holding USDT only as a speculative asset, users can now u...
Đăng nhận xét
Read more »