Feels like a dream to lose crypto this way, one of the strangest of it's kind.

[5W-KILO]

In the end no one will warn you to stop using your laptops to run and keep your Bitcoin and. Cryptocurrencies, sit back and keep relaxing like nothing is going on, so far 2025 have been a bizarre year for crypto wallets running on PC and smartphones.

Like we have seen the weirdest shit already only to see this today again.

A crypto trader got drained of $200,000 simply by bookmarking a website, I have never heard about this one since I've been using a computer, this is one of the weirdest so far.

It seems bookmarking the webpage automatically launched a script underground and do it's thing.



After doing some research around someone came up with how this can ever be possible, the victim dragged the website using his mouse directly into his bookmark tab and this ran a script.

Link: https://x.com/i/status/2004457753159651646



You are not safe as you think you are, doing all your crypto things using a computer, the risk is too much that every little things matters, even the ones you least expected to attack your crypto wallet, you can safe yourself from all this by having every devices for what they are intentionally created for.

Buy a airgapped hardware wallet going into 2026, don't risk the attacks that will likely be coming in 2026.

[d5000]

Unfortunately you haven't posted any link to the post or an article where it's described, because some details would be missing.

First, of course if you visit an infected website and then bookmark it, the site's JavaScript code will be executed of course. The victim didn't clarify that they did "not" visit the website before bookmarking it.

Second, if it wasn't a traditional bookmark but a bookmarklet, then it directly would store JavaScript code, which can probably be infected too. It seems that the code is executed indeed when storing it, so this could be the reason. So the advice would be: don't use bookmarklets on computers where you're dealing with crypto.

[Faisal2202]

The bookmark mentioned here is a browser bookmark. The contents of this bookmark contain a piece of malicious JavaScript code. When a user clicks on the malicious JavaScript code, it executes the Discord domain where the user is located and steals the token. Once the attacker gains access to the NFT projects’ discord token, they can directly take over relevant permissions of the account.

https://slowmist.medium.com/how-scammer-used-malicious-bookmark-to-gain-access-to-discords-of-nft-projects-7c3b325ff2e9

Well according to this article they have explained how this hack take place, actually the site we are bookmarking is the javascript code itself, like a link we click on it and we ge hacked but in your case like the one you reported, they just bookmarked it but seriously it is really crazy idea that no one would have thought before and I am pretty sure I have read about it before but almost forgot until now.

So now we should avoid bookmarking as well?

[BIT-BENDER]

The bookmark mentioned here is a browser bookmark. The contents of this bookmark contain a piece of malicious JavaScript code. When a user clicks on the malicious JavaScript code, it executes the Discord domain where the user is located and steals the token. Once the attacker gains access to the NFT projects’ discord token, they can directly take over relevant permissions of the account.

https://slowmist.medium.com/how-scammer-used-malicious-bookmark-to-gain-access-to-discords-of-nft-projects-7c3b325ff2e9

Well according to this article they have explained how this hack take place, actually the site we are bookmarking is the javascript code itself, like a link we click on it and we ge hacked but in your case like the one you reported, they just bookmarked it but seriously it is really crazy idea that no one would have thought before and I am pretty sure I have read about it before but almost forgot until now.

So now we should avoid bookmarking as well?

We should avoid bookmarking so who would be the next victim so that we can learn what to avoid next? I have not read about this book marking scam but I have read about many stranger scam this year alone than the bookmarking scam.
Is the solution to keep a list of what to avoid doing. I like what the OP pointed about that the Attacks are happening on PC and Mobile devices but if your wallet is on an offline wallet you are safer that those with wallet online.

[5W-KILO]

Unfortunately you haven't posted any link to the post or an article where it's described, because some details would be missing.

First, of course if you visit an infected website and then bookmark it, the site's JavaScript code will be executed of course. The victim didn't clarify that they did "not" visit the website before bookmarking it.

Second, if it wasn't a traditional bookmark but a bookmarklet, then it directly would store JavaScript code, which can probably be infected too. It seems that the code is executed indeed when storing it, so this could be the reason. So the advice would be: don't use bookmarklets on computers where you're dealing with crypto.

Sorry, I am looking into this incident more and more and it's becoming scary.

Here is another victim claiming they fell for the same thing just by bookmarking the webpage.

https://x.com/i/status/1993680223649308942





Link to original is also available.

[BitMaxz]

https://slowmist.medium.com/how-scammer-used-malicious-bookmark-to-gain-access-to-discords-of-nft-projects-7c3b325ff2e9

Well according to this article they have explained how this hack take place, actually the site we are bookmarking is the javascript code itself, like a link we click on it and we ge hacked but in your case like the one you reported, they just bookmarked it but seriously it is really crazy idea that no one would have thought before and I am pretty sure I have read about it before but almost forgot until now.

So now we should avoid bookmarking as well?

That's a weird part—how will bookmarking become JavaScript itself? You might be talking about bookmarklets, not bookmarking, since when we bookmark a page, it only saves the URL and the name of the page, not the JavaScript from the site.
The other option is to have that Javascript if you downloaded the page that includes all things from the site downloaded locally on your device that you can open offline and execute all codes, including the HTML, CSS, images, and Javascripts.

Bookmarking should have nothing to do with compromising our wallet. The one who is a victim from the OP might have been infected already before the hacking happened.

[Satofan44]

Unfortunately you haven't posted any link to the post or an article where it's described, because some details would be missing.

First, of course if you visit an infected website and then bookmark it, the site's JavaScript code will be executed of course. The victim didn't clarify that they did "not" visit the website before bookmarking it.

Often these stories are posted by engagement farmers on X, and they tend to have incomplete and sometimes even completely wrong information. There was one about a market maker these days, completely fabricated and not even the basic information within it was correct.

Second, if it wasn't a traditional bookmark but a bookmarklet, then it directly would store JavaScript code, which can probably be infected too. It seems that the code is executed indeed when storing it, so this could be the reason. So the advice would be: don't use bookmarklets on computers where you're dealing with crypto.

In terms of bookmarklet and bookmarks, I believe that this is just a case where most people will use the word bookmark when referring to either one of those and in most cases it is fine. I think that your advice on the disuse of bookmarklets is insufficient, the problem here is much deeper. JavaScript is an abomination and extremely insecure, but so is the interpreter the browser. So extension wallets with a browser that accepts JavaScript is a security nightmare. However, the fault is most often with the users. If we take an analysis at those that get hacked in these stories, we will often find that they have no justifiable reason for keeping a large amount of money in the Extension wallet (such as high speed but manual DeFi trading would require). They are either just lazy or stupid. There is no reason to have $10k, $30k on an extension wallet unless you have $30-$300m in your hardware wallet. In that case though, I expect the person not to complain but humbly accept the expected loss.

That's a weird part—how will bookmarking become JavaScript itself? You might be talking about bookmarklets, not bookmarking, since when we bookmark a page, it only saves the URL and the name of the page, not the JavaScript from the site.
The other option is to have that Javascript if you downloaded the page that includes all things from the site downloaded locally on your device that you can open offline and execute all codes, including the HTML, CSS, images, and Javascripts.

There is no need to write the same thing that d5000 wrote with different phrasing and to use AI too to do it.

Bookmarking should have nothing to do with compromising our wallet. The one who is a victim from the OP might have been infected already before the hacking happened.

Your general statement is useless and wrong. This was a targeted attack with malicious JavaScript.

[Findingnemo]

One with $200K portfolio value still using a hot wallet? If he learned about the basic steps of securing the cryptos and about the internet security practices, then he might be aware that no device is safe from attacks when it is connected to the internet.

It was a costly lesson, I hope others don't need to spend that much to learn that.

[sunsilk]

So it's not bookmarking alone, the victim visited the website and later on, bookmarked it.

If it's a random website that contains malicious content then that's how he got drained. It's just sad that it's another amount that probably his life savings.

But because of losing that security to himself and by not verifying the website he's visiting, that's how he has lost his funds.

[Mrbluntzy]

With different malware being used to steal people's money now, one of them such as zero click attack, should make a person to double their security method for the safety of their Bitcoin and other cryptos. Someone have advised us before not to store our coins on the same phone or laptop that we are using for our personal activities online. If we follow the advice, it will be difficult to easily lose our coins because even when our system gets attacked, we wouldn't lose our coins because it's not there.

[d5000]

Link to original is also available.

Thanks for the links.

The second victim at least seems to admit they clicked on the bookmark. Of course if you click on a bookmark, then you open the (potentially infected) website, and if they have a zero-day exploit for your browser, you can be hacked. That does not even need a bookmarklet with JS, a normal bookmark is enough.

It's an extremely unlikely situation but yes it can happen.

And the first victim probably was a JS bookmarklet.

@satofan44: I agree that the best practice is indeed to disable JavaScript in any browser you use for browser wallets, exchanges and other crypto-related stuff, and as this is important, I repeat it here with bold (hope it's not considered plagiarism)

[CryptoHeadlineNews]

Judging by the statement given above, it is obvious the hacker contacted each of those people who fell victim to this scam, and maybe he might have sent them a link which they clicked on it, which gave room for the virus to have access to their respective devices, and ended up swapping away their respective cryptos that was in those wallet. Because I think the first mistake these people made by visiting any website or link a random individual sent to them, be it a business proposal or whatever, it's literally not wise to use the device you have all your assets to be chatting with random users. Because if I was to have  that $200k portfolio, I would have either bought a hardware wallet or a different device for my asset only.

[PrivacyG]

We should avoid bookmarking so who would be the next victim so that we can learn what to avoid next?

If you want to avoid most situations like this and pretty much any other Cryptocurrency disaster, you can separate all your Wallets in Virtual Machines and create a Virtual Machine particularly for the legitimate Exchanges and other websites you are running.  Although I would rather separate Wallets in multiple Virtual Machines AND use a separate computer for the Exchanges.  The chance of getting a Virtual Machine infected by some thing so complex that it can find the 'exit door' for your Virtual Machine and infect the rest of your actual computer including other Virtual Machines is very low and if you separate the browsing computer from the Wallets computer, the chances are now little to none.

Verify the downloads, do not enter random websites, do not click random links and, if you want to be as paranoid as me, use a no-Java Script plug in or set up Tor Browser on the Safest setting.  This disables Java Script which is very intrusive and curious about your doings.  I am actually curious to know if this malware works on a Tor Browser 'Safest' setup because I am still not entirely sure if the 'no Java Script' works only on websites or on the rest of the browser interface too.

[Churchillvv]

It’s simply do not bookmark a website that you is low key suspicious, and don’t run anything crypto with a computer that you will be using regularly to access different kind of websites, some webs are majorly used for things like this with the knowledge that only a few will be able to detect that something is being ran on the background of their computer.

The more we upgrade in everything that’s the better hacks get, I agree that bookmarks can be the place the whole issue came from but however it’s just just bookmark in my opinion the person in question probably might have given permission to site to run some shit in the computer without their own knowledge.

[nakamura12]

I don't believe that it's because of the bookmark but the link itself that is bookmarked. The victim wouldn't lost money if the link being bookmarked is real or doesn't contain JavaScript or any malicious malware then the victim's funds wouldn't have been drained if the link is safe. Like what sunsilk explained, I believe that it's the reason why the victim's funds got drained because of it. This is the first time I heard of such thing and since bookmark involves link so I think it's all about the link or whatever the victim bookmarked.

[Alphakilo]

Am glad I came across this post and it only makes many of more aware about malicious attacks on our devices that we know nothing about.
Perhaps as we teach the younger ones about crypto currency, we should include web programs like coding and majorly cyber security courses so the awareness is much more there and an advice like using air gapped wallets instead, would make more sense without anyone even saying it.

[TastyChillySauce00]

There are too many attack vectors that it's crazy. Just recently everybody got drained from using trust wallet because of supply chain attack, estimated loss is 7 million and now this bookmark exploit thing.

But there is something that I noticed that just don't sit right with me, wallet data stored by wallet extension usually are encrypted and only you can decrypt with your password. So I doubt a simple javascript code can be executed and out of the blue stole your wallet.
So how exactly your seed phrase can get leaked this easily? are you sure it's not because he's using exploited trust wallet? or is it possible that it's more of a social engineering than an exploit? like you approving a transaction signing pop up without knowing what that actually do and the bookmark actually points to a phishing site?

[Ruttoshi]

Don't use hot wallet to store big amount of money because a hardware wallet is far cheaper and will save you from silly mistakes. Don't be dumb and prioritize the security of your funds. Imagine someone with 200k worth of crypto couldn't afford a hardware wallet of at leas $150.

Don't use the same device for your normal internet surfing and for your crypto to avoid any form of vulnerability for scammers to have access to your wallet.

[CryptoATM]

So the advice would be: don't use bookmarklets on computers where you're dealing with crypto.

Also in addition, especially for people who can’t afford a hardware wallet is simply to use a 2FA atleast with this on your wallet, it will also help to create another layer of security.

Don't use hot wallet to store big amount of money because a hardware wallet is far cheaper and will save you from silly mistakes. Don't be dumb and prioritize the security of your funds. Imagine someone with 200k worth of crypto couldn't afford a hardware wallet of at leas $150.

Don't use the same device for your normal internet surfing and for your crypto to avoid any form of vulnerability for scammers to have access to your wallet.

I also don’t know why someone with such amount of holdings be doing so on his regular laptop and not get a hardware wallet for himself.
The did is done and this should also serve as a lesson to those who care to learn and also a reminder that, the safety of our coins is our sole responsibility and shouldn’t be taken for granted.

[davis196]

At the end of the day it's all about having a good anti-virus and anti-malware program. If the guy had Windows Defender working in the background(or some anti-malware program like Malwarebytes), the suspicious website would have been blocked by the anti-virus/anti-malware as suspicious and the guy would have never bookmarked that website. I'm not the most tech savvy person, but bookmarking a website shouldn't feel the same as clicking a link and running a script. The scammers and hackers are getting smarter and more innovative. There will be even weirder scams/hacks in the future.