Feels like a dream to lose crypto this way, one of the strangest of it's kind.

[5W-KILO]

In the end no one will warn you to stop using your laptops to run and keep your Bitcoin and. Cryptocurrencies, sit back and keep relaxing like nothing is going on, so far 2025 have been a bizarre year for crypto wallets running on PC and smartphones.

Like we have seen the weirdest shit already only to see this today again.

A crypto trader got drained of $200,000 simply by bookmarking a website, I have never heard about this one since I've been using a computer, this is one of the weirdest so far.

It seems bookmarking the webpage automatically launched a script underground and do it's thing.



After doing some research around someone came up with how this can ever be possible, the victim dragged the website using his mouse directly into his bookmark tab and this ran a script.

Link: https://x.com/i/status/2004457753159651646



You are not safe as you think you are, doing all your crypto things using a computer, the risk is too much that every little things matters, even the ones you least expected to attack your crypto wallet, you can safe yourself from all this by having every devices for what they are intentionally created for.

Buy a airgapped hardware wallet going into 2026, don't risk the attacks that will likely be coming in 2026.

[d5000]

Unfortunately you haven't posted any link to the post or an article where it's described, because some details would be missing.

First, of course if you visit an infected website and then bookmark it, the site's JavaScript code will be executed of course. The victim didn't clarify that they did "not" visit the website before bookmarking it.

Second, if it wasn't a traditional bookmark but a bookmarklet, then it directly would store JavaScript code, which can probably be infected too. It seems that the code is executed indeed when storing it, so this could be the reason. So the advice would be: don't use bookmarklets on computers where you're dealing with crypto.

[Faisal2202]

The bookmark mentioned here is a browser bookmark. The contents of this bookmark contain a piece of malicious JavaScript code. When a user clicks on the malicious JavaScript code, it executes the Discord domain where the user is located and steals the token. Once the attacker gains access to the NFT projects’ discord token, they can directly take over relevant permissions of the account.

https://slowmist.medium.com/how-scammer-used-malicious-bookmark-to-gain-access-to-discords-of-nft-projects-7c3b325ff2e9

Well according to this article they have explained how this hack take place, actually the site we are bookmarking is the javascript code itself, like a link we click on it and we ge hacked but in your case like the one you reported, they just bookmarked it but seriously it is really crazy idea that no one would have thought before and I am pretty sure I have read about it before but almost forgot until now.

So now we should avoid bookmarking as well?

[BIT-BENDER]

The bookmark mentioned here is a browser bookmark. The contents of this bookmark contain a piece of malicious JavaScript code. When a user clicks on the malicious JavaScript code, it executes the Discord domain where the user is located and steals the token. Once the attacker gains access to the NFT projects’ discord token, they can directly take over relevant permissions of the account.

https://slowmist.medium.com/how-scammer-used-malicious-bookmark-to-gain-access-to-discords-of-nft-projects-7c3b325ff2e9

Well according to this article they have explained how this hack take place, actually the site we are bookmarking is the javascript code itself, like a link we click on it and we ge hacked but in your case like the one you reported, they just bookmarked it but seriously it is really crazy idea that no one would have thought before and I am pretty sure I have read about it before but almost forgot until now.

So now we should avoid bookmarking as well?

We should avoid bookmarking so who would be the next victim so that we can learn what to avoid next? I have not read about this book marking scam but I have read about many stranger scam this year alone than the bookmarking scam.
Is the solution to keep a list of what to avoid doing. I like what the OP pointed about that the Attacks are happening on PC and Mobile devices but if your wallet is on an offline wallet you are safer that those with wallet online.

[5W-KILO]

Unfortunately you haven't posted any link to the post or an article where it's described, because some details would be missing.

First, of course if you visit an infected website and then bookmark it, the site's JavaScript code will be executed of course. The victim didn't clarify that they did "not" visit the website before bookmarking it.

Second, if it wasn't a traditional bookmark but a bookmarklet, then it directly would store JavaScript code, which can probably be infected too. It seems that the code is executed indeed when storing it, so this could be the reason. So the advice would be: don't use bookmarklets on computers where you're dealing with crypto.

Sorry, I am looking into this incident more and more and it's becoming scary.

Here is another victim claiming they fell for the same thing just by bookmarking the webpage.

https://x.com/i/status/1993680223649308942





Link to original is also available.

[BitMaxz]

https://slowmist.medium.com/how-scammer-used-malicious-bookmark-to-gain-access-to-discords-of-nft-projects-7c3b325ff2e9

Well according to this article they have explained how this hack take place, actually the site we are bookmarking is the javascript code itself, like a link we click on it and we ge hacked but in your case like the one you reported, they just bookmarked it but seriously it is really crazy idea that no one would have thought before and I am pretty sure I have read about it before but almost forgot until now.

So now we should avoid bookmarking as well?

That's a weird part—how will bookmarking become JavaScript itself? You might be talking about bookmarklets, not bookmarking, since when we bookmark a page, it only saves the URL and the name of the page, not the JavaScript from the site.
The other option is to have that Javascript if you downloaded the page that includes all things from the site downloaded locally on your device that you can open offline and execute all codes, including the HTML, CSS, images, and Javascripts.

Bookmarking should have nothing to do with compromising our wallet. The one who is a victim from the OP might have been infected already before the hacking happened.

[Satofan44]

Unfortunately you haven't posted any link to the post or an article where it's described, because some details would be missing.

First, of course if you visit an infected website and then bookmark it, the site's JavaScript code will be executed of course. The victim didn't clarify that they did "not" visit the website before bookmarking it.

Often these stories are posted by engagement farmers on X, and they tend to have incomplete and sometimes even completely wrong information. There was one about a market maker these days, completely fabricated and not even the basic information within it was correct.

Second, if it wasn't a traditional bookmark but a bookmarklet, then it directly would store JavaScript code, which can probably be infected too. It seems that the code is executed indeed when storing it, so this could be the reason. So the advice would be: don't use bookmarklets on computers where you're dealing with crypto.

In terms of bookmarklet and bookmarks, I believe that this is just a case where most people will use the word bookmark when referring to either one of those and in most cases it is fine. I think that your advice on the disuse of bookmarklets is insufficient, the problem here is much deeper. JavaScript is an abomination and extremely insecure, but so is the interpreter the browser. So extension wallets with a browser that accepts JavaScript is a security nightmare. However, the fault is most often with the users. If we take an analysis at those that get hacked in these stories, we will often find that they have no justifiable reason for keeping a large amount of money in the Extension wallet (such as high speed but manual DeFi trading would require). They are either just lazy or stupid. There is no reason to have $10k, $30k on an extension wallet unless you have $30-$300m in your hardware wallet. In that case though, I expect the person not to complain but humbly accept the expected loss.

That's a weird part—how will bookmarking become JavaScript itself? You might be talking about bookmarklets, not bookmarking, since when we bookmark a page, it only saves the URL and the name of the page, not the JavaScript from the site.
The other option is to have that Javascript if you downloaded the page that includes all things from the site downloaded locally on your device that you can open offline and execute all codes, including the HTML, CSS, images, and Javascripts.

There is no need to write the same thing that d5000 wrote with different phrasing and to use AI too to do it.

Bookmarking should have nothing to do with compromising our wallet. The one who is a victim from the OP might have been infected already before the hacking happened.

Your general statement is useless and wrong. This was a targeted attack with malicious JavaScript.

[Findingnemo]

One with $200K portfolio value still using a hot wallet? If he learned about the basic steps of securing the cryptos and about the internet security practices, then he might be aware that no device is safe from attacks when it is connected to the internet.

It was a costly lesson, I hope others don't need to spend that much to learn that.

[sunsilk]

So it's not bookmarking alone, the victim visited the website and later on, bookmarked it.

If it's a random website that contains malicious content then that's how he got drained. It's just sad that it's another amount that probably his life savings.

But because of losing that security to himself and by not verifying the website he's visiting, that's how he has lost his funds.

[Mrbluntzy]

With different malware being used to steal people's money now, one of them such as zero click attack, should make a person to double their security method for the safety of their Bitcoin and other cryptos. Someone have advised us before not to store our coins on the same phone or laptop that we are using for our personal activities online. If we follow the advice, it will be difficult to easily lose our coins because even when our system gets attacked, we wouldn't lose our coins because it's not there.

[d5000]

Link to original is also available.

Thanks for the links.

The second victim at least seems to admit they clicked on the bookmark. Of course if you click on a bookmark, then you open the (potentially infected) website, and if they have a zero-day exploit for your browser, you can be hacked. That does not even need a bookmarklet with JS, a normal bookmark is enough.

It's an extremely unlikely situation but yes it can happen.

And the first victim probably was a JS bookmarklet.

@satofan44: I agree that the best practice is indeed to disable JavaScript in any browser you use for browser wallets, exchanges and other crypto-related stuff, and as this is important, I repeat it here with bold (hope it's not considered plagiarism)

[CryptoHeadlineNews]

Judging by the statement given above, it is obvious the hacker contacted each of those people who fell victim to this scam, and maybe he might have sent them a link which they clicked on it, which gave room for the virus to have access to their respective devices, and ended up swapping away their respective cryptos that was in those wallet. Because I think the first mistake these people made by visiting any website or link a random individual sent to them, be it a business proposal or whatever, it's literally not wise to use the device you have all your assets to be chatting with random users. Because if I was to have  that $200k portfolio, I would have either bought a hardware wallet or a different device for my asset only.

[PrivacyG]

We should avoid bookmarking so who would be the next victim so that we can learn what to avoid next?

If you want to avoid most situations like this and pretty much any other Cryptocurrency disaster, you can separate all your Wallets in Virtual Machines and create a Virtual Machine particularly for the legitimate Exchanges and other websites you are running.  Although I would rather separate Wallets in multiple Virtual Machines AND use a separate computer for the Exchanges.  The chance of getting a Virtual Machine infected by some thing so complex that it can find the 'exit door' for your Virtual Machine and infect the rest of your actual computer including other Virtual Machines is very low and if you separate the browsing computer from the Wallets computer, the chances are now little to none.

Verify the downloads, do not enter random websites, do not click random links and, if you want to be as paranoid as me, use a no-Java Script plug in or set up Tor Browser on the Safest setting.  This disables Java Script which is very intrusive and curious about your doings.  I am actually curious to know if this malware works on a Tor Browser 'Safest' setup because I am still not entirely sure if the 'no Java Script' works only on websites or on the rest of the browser interface too.

[Churchillvv]

It’s simply do not bookmark a website that you is low key suspicious, and don’t run anything crypto with a computer that you will be using regularly to access different kind of websites, some webs are majorly used for things like this with the knowledge that only a few will be able to detect that something is being ran on the background of their computer.

The more we upgrade in everything that’s the better hacks get, I agree that bookmarks can be the place the whole issue came from but however it’s just just bookmark in my opinion the person in question probably might have given permission to site to run some shit in the computer without their own knowledge.