Bitcoin Forum

I heard a ledger chrome extension have stolen up to 2.5million in crypto, Users are asked to input their 24-word seed, which allows scammers access to the wallet’s contents. This is why I hate add-ons for chrome or Firefox, they aren't safe at all but how come people are falling for this cheap trick that have been around since years ago now?

⚠️NEVER share your 24 words
⚠️NEVER enter your 24 words into any internet-connected device
⚠️Ledger will NEVER ask for your 24 words

When will people learn?

Also it's better if people use the wallets they already know even after buying a hardware wallet.
For example Electrum and MEW support Ledger (and Trezor too) and if you are already familiar with these wallets it may not worth changing to Ledger Live or other similar new ones, since you may bump on fakes and you won't notice.

People are idiots, stay away from computers if you are into crypto, they aren't safe for keeping coins and you can easily get hacked or infected with Trojans, if it's a must to keep your keys on PC then do not use such PC for browsing the internet for God sake.

It is best to never install strange or rarely used utilities. I have also been a victim of such scams before, thankfully I only lost a few dollars for my stupid action. I recommend that you install metamask because it can identify unsafe utilities

Don't just say other people are idiots, because everyone's knowledge is always different, I personally use a computer from 2010 until now and play crypto from 2017 until now, but everything is safe, because I always use antivirus protection to Trojan viruses and other types, so what idiots will see are those who play crypto but can't use a computer, this is very funny.  ;D

Scammers are always at alert and trying new things to defraud people. Also, that is true, most of these add-ons are not just safe and people should be careful on how they expose their private details. Also, I wonder why someone would use a wallet which isn't verified; if it is not a trusted wallet don't ever reveal your details no matter how attractive the wallet might look. A good number of online wallets, add-ons wallets and so on should be ignored at all times, always stick to the ones prominently used, better to be safe than sorry.

Why would people insert their recovery phrases in to an add-on? The only add-on I trust is Meta mask, even with Meta mask I don't import my eth wallet that consist of huge funds, staying safe is very important if you don't want end up with nothing but bad news

You're lucky you know all this, some people just don't care, they don't do research they are lazy to check things out if the browser add ons will do them harm than good and that's what gets them, as long as we have newbies coming in and do not do proper research, many people will continue to fall on this kind of trap, it's a trap that will steal people's coins.

True, I also use Metamask on my browser add-on, because it has been proven safe and reliable to be used by many people in terms of transactions, and apart from that I also have never used any add-ons if they are not truly trusted, because it is very risky for ourselves.

Yeah I found out metamask is relatively safe, but I don't risk much funds to bring in there since it is in the damn browser where I can surf without vpn, so its not safe in general

They must start to use the paper wallet to avoid all of the possibilities to get scammed when they were using any device that can be hacked or infected. People will never try to learn from their past experience until they will try to prove it with themselves if anything is not safe. Im also storing my crypto on paper wallet too.

Hmm, where's your news link? I mean, I agree, a lot of extensions can be malicious but I've been using MetaMask for ages now and I've never had a problem. Ok sure, I don't have millions in crypto waiting to be stolen but I think all online tools have a vulnerability at the end of the day.

People don't use crypto properly so how can you expect them to learn?

Anything addon can be forged, for example you can download a fake metamask thinking it's the original, I guess that's what happened to those who fall for the fake ledger addon, I quit using PC for anything crypto, it's not safe like smartphones

because of that I never installed add ons that I didn't know about. Well, I once lost bitcoin in my wallet, so after that, I was very careful when it came to installing applications online or adding ons to the browser. I think, there are already so many things like that out there.

I have used metamask for a long time, and in my opinion it is very safe. You will not encounter any problems when using it, in addition it also warns a lot of fake addresses when we access the internet. Very suitable for us to use every day

It is totally true that no one is ever safe online. Scammers and/or hackers do really upgrade their way on how they can access your wallet through online usage. It is really in need that we must learn not to fall for such schemes being created by hackers to have an access into our online wallets. We must always be careful on the add-ons we see that pops up in our monitor not to just click it without knowing what is that all about. It is best not to click those pop-ups to avoid such unexpected situations. Also, we must not share private informations such as seed/private key/password online because intruders are always right there waiting for their victims to get into their bait so better always be careful on that. Being aware and knowledgeable is really a key in this industry for us not to be fooled by such schemes and to avoid being hacked or scammed by those kind of people. If you feel unsecure on using online wallets, it will be good to try using hardware wallets. But if you insist to use online wallets, just be mindful not to share private information over online conversations and transaction to avoid scammers and hackers. Always think before you click.

The fact is you will be safer using smartphones for crypto, on computers you are exposed to many risks than you know it, since a miner hijacked my PC and take control of some files on my PC I stopped using computers to safe coins or operate wallets

Surely I would not do this either, Hmmm I don't think anyone with enough knowledge here in the cryptocurrency surely is not going to put a 24-word seed in a chrome add on for sure and also we know the risk if we are going to do this.

I don't believed anyone would fall for this kind of scam unlike this scammer was really sneaky getting information in a users or in their computer, I guess it was just a lesson for everybody to not trust everybody in the internet.

Your wallet is your own responsibility to make it safe. When someone is aware of the vulnerability to hacking that can occur, they will try to find the best solution to keep their wallets and assets safer.

Almost all hacking problems that occur can be said of negligence from the owner of the wallet or the owner of the asset (victim) itself. So the point is we as cryptocurrency users must prioritize security not convenience because this cryptocurrency asset is money that everyone wants including scammers. So there is no reason if someone can not maintain it properly and safely, then the consequences may be to lose all the contents of the wallet.

I've stopped warning people about there private keys and recovery seeds, if they can't keep their keys safe then they are ready to lose funds, even if we keep posting about how important private keys are every single day some people will still go around doing stupid things with their private keys

This can't be overemphasized and overlooked, most browsers add-ons are used as a means to steal from people and there is no two ways about it. First it comes in a free and easy way to install, have good UI and once the user is glued to such add-ons wallet UI, he/she is then at the mercy of the scammers because what comes next is inputting the private keys. For security reasons always use wallets you are sure of, wallets that others are using and have good ratings for. It doesn't pay to use different new wallets but it pays to glue to the ones which you are sure of for the sake of your assets.

Atleast they have to learn about researching before trusting anything when they found on internet no matter whatever it will be. :)

Beginners sections have lot of guides to find scammers and phishing sites so anyone don't know about it visit that section and increase your knowledge on getting safe while using your cryptos.

Before and foremost this should be prioritized as keeping your keys are very important to keep you being safe while you are working inside this business,
there are lots of guidelines that everyone should be aware, most of the time mistakes really harm your investment if you fail to protect and secure yourself and your assets.
Keep in mind that every time you are inside this industry you need to keep yourself protected. Do your research before doing things that will may harm you.

for idiots nothing is safe in internet some other way they will do mistakes and lose , never trust anything from net and give your confidential data , a lot of vulnerabilities and hackers steeling , scammers are increasing and they will find many ways to scam us we must be careful and not fall for there scams and lose our money add-ons are crap and using them is very dangerous 

Although extensions are fun to use and have great features but they are very harmful. Most of them are came from third party authorizations. they may contain malware and perform malicious behavior. If some addons are not malicious but they are harmful too because they are able to collect data from browser without notifying to user. So, stay away from using any third-party authorized extensions. Online wallets are likely to be hacked no matter how secure they are, there is nothing more secure than hardware wallet.

I agree. People learn when they make a mistake. But people should careful from not happening that mistake. Cause who knows how much suffer will go through because of that. Your PC is in risk when it's connected with WiFi, Bluetooth or other devices. Personal text means personal, It's just only for you, Not even team supporter need that because of anything. It's obvious a scam attempt if somehow asking about personal text. Stay away from hishy-fishy add-on. No mater how much they provide advantage of their add-on they will hurt you badly end of the day.

It is better if you share the link where  you heard that news so I may read the whole content, too but anyway I can do some google later.
 
 Sad that scammers really doing all the possible to get crypto coins. They have been using add ons now, never knew about that. But, the moment something pop up on your screen asking for any suspicious infos like that "24 word seed" or even "private keys" and other related private crypto access, then we should  think twice before giving it out.
 
 Especially in times like these where scammers are entering social media field and cryptocurrency is one of the trend where our money is involved then we should always "Think before you click!."

Rather than add-on and we have a bunch of trusted software. Imagine when someone wanna create a new ethereum wallet and he has a bunch of choices to choose the software or try to create a new wallet use metamask that is not 100% safe. People must learn more about what they were doing. I have experienced seeing a lot of people keep used add on even that was no safe at all.

I only installed already verified add on and will just connect with my metamask, just like the new Origin add-on, I needed to connect my wallet with my Metamask so there is never any wallet importation. I won't even import my wallet to known dex.

If you must import your private keys make sure it's empty and after everything is done it's safer not to use the wallet address to store any big funds again, you are better off creating new wallet address, this is what I do most times just in case

If you want to install add-ons then you have to look first before installing them from their official website or not, I've also almost been exposed to scam add-ons like that but I'm more careful first so that everything is safe. Or you can search the reviews first on Google to be more confident if you use the original.

You just need to install the utility from their official website. Never install anything outside without trust. I have several friends who have encountered the same problem, their private keys were stolen when they installed some strange utilities. Be careful with those utilities because it will cause us many difficulties

I have no exact knowledge of where I did wrong but my Tron was stolen from my Tronlink browser extension wallet. And after I lost them, I tried to find more info about it and realized I was not the only one. Browser extension are in no way a safe way to access your coins.

You seem to generalize events often in your threads, not good enough.

Secondly, you cannot say browser add ons are not safe, instead you say only verified desktop addons are safe. Extension add ons on browsers is just like google play store, where anyone can set up their add ons for all.

Meta Mask, Google Authenticators  and even Origin OGN add on extension are example of verified add ons on browsers.

My advice for everyone is to do their research, and trace the source of any add ons you use on your computer.
Stay safe.

I suggest that if you're used to using an old wallet, you don't have to replace it with a new one.
yes, although the looks and performance are better.
Using an old wallet won't hurt as long as the security procedures are still good. This is no problem.

People should learn from the warnings and experiences of others. If you have been following the updates of Ledger, they are reminding their users that no chrome extension has ever been made by them.

And they will never ask for the 24-word phrases, only the device will when you are restoring your wallet.

Few new wallets are better than the old wallets, it's not a problem changing wallets, all you have to do is chose wallets that have good review from users

Not all add-ons are harmful, those add-ons that will require user to input sensitive information should be avoided or properly verified before usage,  but the common add-ons that just assist users browsing experience should not be regarded as harmful, those that assist in learning, writing or performing other important task that don't require sensitive information is not bad imo.

But there are few add-ons that works like a wallet, for example metamask add-on which requires your private key or Mnemonic seed, some add-ons ask for sensitive information for sure, we just have to keep warning newbie but this won't stop them from silly mistakes

One of the main reason why Tech is great yet its risky at the same time
The reason why im on this statement is because

Private key itself seems easy, we can explain to non tech savvy person and tell them its like a password where you shouldn't share
I think that's clear and easy
But for things like Browser Add on, Phishing Links, Malicious Apps
These are pretty hard for non tech people to evade
Moreover, it is impossible for us to monitor and guide these people 24/7
Furthermore, not everyone have the time or have the capability to absorb all these tech junkies thing

Thus, i would say Crypto investment is still a good investment but its costly to do so

Absolutely when you own a hardware wallet it is meant to sepearte you from online.it is like a walk between the assets and the internet thieves. It makes no sense to enter the password or key phrase in internet or storing it in a online safety locker. The best you can do is store in a physical format .

On the site where you can buy cold wallets, you can also buy a wallet in which you can store your seed phrase in a protected metal case. It is very convenient not to lose your phrase.
Cold storage of money is one of the best inventions in this market.

I remember some people complained about the message in their email. sometimes the email is in the name of a large browser company, or another company that is disgusting to download, or install add ons. Well, after that, there were tons of reports about data theft. however, nowadays hackers are very smart and use all means to take what they want. I'm just suggesting, don't get involved or run something you don't know about.

There are some formalities which people should follow using the internet especially when it concerns personal information and hard-earned money. Nowadays it is easier for fraudulent platforms to push a message or system which asks personal information. 
I see one important reason behind people failing to identify it that still more education is required regarding privacy policies and how to stay away from Ponzi schemes.

They are not safe in the sense that they are basically controlling all the wallets in their system, they do have security measures and they are trying best they can but they have been hacked many times before as well, for example mew has been hacked 2-3 times that I can just remember right now, they have been hacked a lot more than that usually as well.

It is obviously not ideal to give all the wallet rights to a third party, it would be regarded as a bad move in any other instance, however for the add-on wallets it is not seen as bad as it sounds. The only reason for something like that is the fact that some of them are just for the looks and not for the rights, you basically look at your coin in them but can't be touched or used by them at all, sort of like blockchain viewer.

Anyone at this stage that is still using Add-ons wallets is ready to lose his or her money. Add-ons are designed to still your money even hackers can easily hijack it and access your accounts, there some add-ons that uses your system to mine crypto, just do not be careless with your tokens because that tokens could worth millions in future

Honestly these add on can be really tiring. Its better to have specific browser you use for crypto and don't activate any ads on with it. Mist important is to never give your secret keys or phrase to anyone. They will only need it to steal your funds. It's meant only for you.

So far I have some add-ons on my browser but I personally choose what's the best add-ons I want to put and never put any random add-ons just because someone recommended it to you. I myself did some research first to know what is that add-ons do and what are the review results. In some cases I might have to use my 24 keys in my computer but I am more on my mobile when doing some transaction with crypto.

Not just ledger but trezor as well, chrome extensions are very dangerous because we don't know if the app is malicious or not. In the case of crypto, there are still thousands in google web store still in the wild,


In a perfect world, no one should really fall for this cheap trick. However, human stupidity is one subject that we can't really understand. How in the hell you are sharing all of your 'secret' phases? That's why it is secret and you need to take care of it and not just blindly entering it to a website or apps that you didn't even bother to check?

There is no need to be talented for protecting your own privacy but don't blame the 50 years old grandpa for not careless behaviour about the malicious apps. His technical knowledge and research ability is limited to open the browser and find the information for streaming or reading. No one is supposed to be tech savvy especially if the technology is used for tacking us.

yeah right we have to be careful with browser add-on because not all browser add-ons are safe and there are also some fake browser add-ons to fool browser users

It really sucks to say this, but this won't going to end, IMO. People who experienced it on hand, had seen the problem prior to doing it may be able to avoid, however, people who aren't aware and an easy to trick one, for sure would took the bait. And no matter how we keep 'em away from such disaster as long as they won't help themselves it will be a forever journey. Beside, such trick comes in different ways we didn't thought possible.

I also don't like wallet extensions, many people can create them and spread them. especially if the extension is lacking or just known. but to enter the wallet system we must enter the "private key" because that's the only key to enter the wallet.

" When will people learning? " this is not a learning problem but every wallet has flaws and is add with human errors. so with very simple phishing can trick people.

Yes, if for add-ons that are not needed more, do not use because it is very dangerous and every add-on must also be carefully examined before we use it in our browser, because it is also a sacred thing if we use it incorrectly.

I don't want to install add-ons in my browser that contain my personal identity, including installing a wallet to the browser. I don't know if the add-ons are safe or not, or the developer can always keep his apps from the hacker or not. There is no 100% guarantee to be safe, especially if we use a browser and install the add-on, and it is better to use the other way that we can control by ourselves. The hacker will find a way to enter the system, and I know they can do that, so better we care with our wallet and install it in another device that will be safe from the hacker.

I get your point, my point is for OP not to generalize that all add-ons are harmful, I for once never use those add-on wallet even though am not a newbie because I know they are not safe,
Ofcourse there is the need to warn people of the dangers using such add-ons that will require users to input sensitive information, people should be extremely careful, whether it is from add-ons or stand alone app.

This is not the first time, I saw some thread about it where people were complaining of losing fund by a browser add on the wallet! Some people won't learn ever until they lose huge money because of their stupidity! Buying a Ledger won't save your assets if you aren't aware enough! Never share your Phrase codes, never take a picture of it, just write a paper and keep it safe! That's the best way to be safe!

Something like this should not happen to Chrome that the composer is so big, and they have to increase the security better, and scams like this are very sneaky because just by entering the word then they can penetrate our wallets, I think for old users this kind of thing they already know the hacker must be right to ignore, and I am sure the victim is a new user , the future should be more cautious.

One should be careful when downloading/installing a Chrome extension. Not every extension is to be trusted except for those being developed by prominent developers in the crypto/Blockchain space. You'd always need to check who's developing the extension to know with certainty how safe it is. The previously mentioned warnings should be taken into consideration to avoid many undesired losses. For ETH and ERC token transactions, using Metamask with the Ledger hardware wallet is a pretty safe bet. Still, you're interacting with an internet connection which brings some additional security risks. For the paranoid ones, creating a raw transaction offline on a separate device for broadcasting online at a later time, is the way to go.

I guess that most people have suffered from hacks and many undesired events on the crypto space because of their lack of knowledge. We should do everything possible to educate newcomers into properly securing their crypto against the latest threats in the Blockchain space. The responsibility lies within the individual himself instead of a third-party because of the decentralized nature of crypto. Hackers and scammers know this, leading them to devise new tactics against the average crypto user.

Nonetheless, it's recommended to only use trusted browser extensions for small amounts of crypto. For larger amounts, you're better off using a paper wallet or an official software wallet from the coin's developers. As long as you do that, you'll never end up losing your hard-earned crypto from malicious actors. Just my thoughts ;D

Most add-ons or extensions are just for the sole purpose of stealing because scammers will build it in way that it will be easily attractive with "good" features. Also, where some add-ons might not ask for private keys etc it can also be used to monitor your activities in websites thus stealing the needed details. In my own opinion, if the recommendation is not from the team of any project then on no account should it be installed let alone being used. In this current world, we need to be careful as well as assuming and taking all manner of security measures to protect ourselves and funds from scammers.

The browser add ons are one of the scam strategies that hackers use to steal the funds and information of people. They deploy fake addons into the marketplace so once any use installs on their computer it gives them access to steal sensitive information. some scammers also do these by developing fake mobile applications, especially in the android market in order to have access to the funds of users. I think we can all avoid this if we try to download stuffs right from the main websites instead of visiting app stores

That is why IOS marketplace is not suitable and last choice for hackers, it is hard to prove the source of program without proper knowledge. Btw, the Google play market is full of scam apps and the team has delisted many apps, web browser extensions to avoid the confusion in the future.

well there have been many cases that occur because of installing add-ons in the browser so that some platforms have realized it all and as much as possible to not add add-ons that are really not important because it is too risky.