• Millions of people are urged to update their Chrome browsers, particularly cryptocurrency users

  • Google launched an emergency security update for its Chrome browser on March 22nd, putting 3.2 billion users at danger of being attacked. This update revealed a single security flaw that might have a significant impact on everyone, but particularly crypto users.

    At this point, the only publicly available information about CVE-2022-1096 is that it is a “Type Confusion in V8.” This is the JavaScript engine that Chrome uses. The open-source Chromium Project is affected by the security weakness, and it’s probable that this upgrade is in reaction to users reporting their crypto ‘hot wallets’ being hijacked through a browser.

    Earlier this week, Arthur Cheong, the founder of DeFiance Capital and a well-known crypto whale, stated on Twitter that his crypto wallet had been hacked, resulting in the loss of more than $1.5 million USD in tokens and NFTs.

    A ‘hot’ wallet was the focus of the hack. A hot wallet is directly connected to the internet, as opposed to a ‘cold’ wallet, also known as a hardware wallet, in which assets can be held and remain offline for safekeeping and security. After witnessing such sophisticated breaches, it’s clear to claim that storing bitcoins in cold wallets provides considerably more secure ways to holding cryptocurrency.

    Ledger had previously urged users to be aware of Blind Signatures and the dangers that come with them, while also advising users to exercise caution when exploring DApps (decentralized applications) and other similar websites.

    Two key hot wallets that were targeted carried a crypto balance worth more than $1.5 million USD, the majority of which contained NFTs from the ‘Azukis’ collection. These popular NFTs were promptly sold on OpenSea at a loss, allowing the hacker to obtain funds as quickly as possible.

    Fortunately, the scream was heard by the whole crypto community, and action was taken quickly. Supporters quickly obtained some of the stolen Azuki NFTs from the blacklisted hacker and were mercifully willing to return the NFTs to Arthur at a base price rather than reselling them at their current market value, allowing them to make 7-8+ ETH (worth around $24k USD) in exchange. Not all heroes are clad in capes.

    The hacker was able to obtain 78 different NFTs from five well-known collections. And that isn’t all.

    Not only did they target Azuki’s and other NFTs valuables, but they also stole 68 wrapped ETH (wETH), 4,349 staked DYDX (stkDYDX), and 1,578 LooksRare (LOOKS) tokens, totaling $293,281.64 at the time of the attack.

    Following the revelation, Arthur dug deep into the exploit and concluded that the hacker must have gained access to his wallet by sending him spear-phishing emails. This alone demonstrated that the emails were requesting full access to Arthur’s Google Docs files. At first sight, these inquiries appeared to be from two of his ‘legitimate’ sources. The hacker acquired unauthorized access to the seed phrase of his hot wallet immediately after opening the shared file. In other words, the hot wallet’s master password was quickly hacked, enabling the criminal access to all crypto wallets linked to Google Chrome and siphoning the hard-earned riches right in front of him.

    Similar attacks and exploits are not uncommon in the cryptocurrency business. However, and this is really bad, these attacks are becoming very complex, and identical catastrophic outcomes can occur to even the most experienced users. This tragic show demonstrates that anyone can be a victim of similar breaches, and nothing is ever truly “100 percent secure,” as some may say.

    “Didn’t expect this to happen to me,” the recuperating malware victim subsequently tweeted.

    Following the incident, Arthur’s advice was to constantly prioritize security. Using a trustworthy password manager, enabling 2-factor authentication (not via phone numbers to avoid sim card jailbreaks and sim-swapping), and utilizing cold storage wallets, specifically Ledger hardware wallets, are some examples.

    What's your reaction?