Ethereum developer Zak Cole found himself locked out of a cryptocurrency wallet after inadvertently installing a malicious browser extension.
Cole detailed the incident in a post on X (formerly Twitter) dated August 12, explaining that the trouble began when he installed an extension named “contractshark.solidity-lang” via the Cursor AI platform.
The extension initially appeared legitimate, boasting a comprehensive description, a recognizable icon, and a substantial download count exceeding 54,000.
Unbeknownst to Cole, the extension stealthily accessed his local environment file post-installation. Within moments, his private key was compromised and transmitted to an unauthorized party.
For three days, the attacker maintained access to Cole’s wallet. Ultimately, on August 10, all funds within the wallet were drained. Cole noted that he was working to finalize a smart contract at the time, which contributed to his failure to scrutinize the extension.
Fortunately, the financial impact was minimal, as Cole primarily utilizes such wallets for testing purposes, holding only small amounts. His primary crypto assets are secured via hardware wallets.
Cole’s investigation uncovered reports from cybersecurity firms like Kaspersky and BleepingComputer, connecting the same extension to a wider campaign responsible for losses exceeding $500,000 across various victims.
Alarmingly, the malicious extension remains available on the Cursor AI marketplace, with its publisher still designated as a trusted source.
A recent report by Koi Security revealed that the cybercrime group GreedyBear has pilfered over $1 million in cryptocurrency.
