HomeCryptoBitcoinCrypto Cash Back: a new Chrome extension that steals Bitcoin

Crypto Cash Back: a new Chrome extension that steals Bitcoin

A new Google Chrome extension used to steal bitcoin (BTC) was recently discovered, it is called CryptoCashBack (CCB).

Fortunately, it was properly removed from the Google store.

The extension was interested in stealing crypto, including BTC, ETH, BCH, BNB, LTC, XRP and ETC.

Once installed, CryptoCashBack required the access to several websites and services like Github, Exmo, Coinbase, Binance, HitBTC, LocalBitcoins and other famous exchanges and platforms.

The extension was so powerful that, depending on the website, it was able to steal all the credentials including the 2FA code, thus managing to bypass even the security needed when one wants to withdraw their cryptocurrencies from a wallet or an exchange.

In fact, analyzing the code of the extension, it can be seen that the data (login and password) were saved on the string “localStorage.getItem”, which sent them directly to the website of the hacker without this operation being visible or blocking the hacked website.

The various addresses where the stolen cryptocurrencies were redirected have been traced:

  • BTC – 16EegrNMdZ9Rxku6Za5neEFjMW57wkQr1S
  • ETH – 0x03b70dc31abf9cf6c1cf80bfeeb322e8d3dbb4ca
  • BCH – 1PCh7w6LdcEv1sWd5wtvkELHcWe5HumUi3
  • LTC – LRPChoyN8qLWENjo1dUjk2bESZjE7bQ6sP
  • BNB – 0x03B70DC31abF9cF6C1cf80bfEEB322E8D3DBB4ca
  • XRP – rGmdGrMjvxt6S3VjF4M78U2YMLPR6XLPSN
  • ETC – 0x4F53C9882Ba87d2D7c525dF2aEF2540EFB6e32e5

The damage is for a total of over 23 BTCs accumulated since the launch of the extension on December 3rd.

Both the extension and the website (with the relative addresses of the authors) have been taken offline, so now there is no longer the risk of becoming a victim of the fraud.

Google has also warned the exchanges of the incident to take action.

For those affected, the only way to be safe again is to change all the credentials of your wallets and exchanges.

Alfredo de Candia
Alfredo de Candia
Android developer for over 8 years with a dozen of developed apps, Alfredo at age 21 has climbed Mount Fuji following the saying: "He who climbs Mount Fuji once in his life is a wise man, who climbs him twice is a Crazy". Among his app we find a Japanese database, a spam and virus database, the most complete database on Anime and Manga series birthdays and a shitcoin database. Sunday Miner, Alfredo has a passion for crypto and is a fan of EOS.