Bitprismia

GreedyBear Hackers Steal $1M+ in ‘Industrial Scale’ Crypto Theft Using Multi-Vector Attack

2025-08-08 07:24:09

Main Idea

The GreedyBear hacker group stole over $1 million in cryptocurrency using a sophisticated operation involving 150 weaponized Firefox extensions and a novel 'Extension Hollowing' technique to bypass marketplace security.

Key Points

1. GreedyBear utilized 150 weaponized Firefox extensions, nearly 500 malicious executables, and phishing websites to steal over $1 million.

2. The group employed 'Extension Hollowing,' a technique involving the creation of seemingly legitimate extensions before weaponizing them with malicious code.

3. The operation evolved from the 'Foxy Wallet' campaign, expanding from 40 to over 150 malicious extensions.

4. The attack targeted popular crypto wallets like MetaMask, TronLink, Exodus, and Rabby Wallet, capturing credentials directly from user input fields.

5. Koi Security exposed the campaign, highlighting its scale and coordination in crypto-focused cybercrime.

Description

Cybersecurity firm Koi Security exposed the GreedyBear attack group’s sophisticated operation, utilizing 150 weaponized Firefox extensions, nearly 500 malicious executables, and dozens of phishing websites to steal over $1 million in crypto. The coordinated campaign employed a novel “Extension Hollowing” technique to bypass marketplace security by building legitimate-seeming extension portfolios before weaponizing them with malicious code.

Single Server Controls $1M+ Theft Operation

The attack g...
