A malicious Google Chrome extension successfully entered the Chrome Web Store, stealing at least $16,000 worth of cryptocurrencies, according to a report. The extension, called “Ledge Secure,” claims to be used as a cryptocurrency wallet in Google Chrome’s browser, which somehow successfully broke through Google’s filters and ended up on the Chrome Web Store for users to download.
At least one user confirmed that their cryptocurrencies had been stolen after the extension was installed, and it was not immediately clear how many of the eventual victims were. Decrypt reported that the extension scanned the device and sent the seed phrase to the extension’s author, which allowed malicious actors to steal almost any cryptocurrency. Take Twitter user Hackedzec, for example, which caused a loss of 600 ZEC coins, worth about $16,000.
French company Ledger confirmed on Twitter that the extension was not a legitimate plug-in and advised users to avoid installing it on their devices. Details of the malicious extension have not been revealed, and Google has removed the extension from the Chrome storefront, advising all who installed it to check their wallets as soon as possible to make sure no passwords were stolen.