Cryptocurrency hackers have been using web browsers to exploit individual users in a variety of ways in recent years, but how can you protect yourself from the tactics currently used by hackers? We discuss the various ways hackers can get to you through your browser and how to help protect against them.
Cryptojacking is a process where a hacker uses a malicious website to remotely harvest your computer’s power to mine cryptocurrencies for them. This slows down your computer and drains its resources while earning the hacker money at your cost.
Many browsers have added built-in protection to their offerings in recent years alongside what is available from third party developers. For example, Mozilla launched anti-cryptojacking measures for its Firefox browser back in 2018 to block mining scripts from activating from within the Firefox browser, while Google’s Chrome browser has banned mining scripts from all extensions.
In fact, all major browsers are now protected from mining scripts out of the box, with Chrome, Firefox, Brave, Opera, and Safari are all able to identify and block any related activity. If you’re in any doubt, use Opera’s cryptojacking tool to test your browser.
Fraudulent Browser Extension
Another exploit that has increased in exposure in recent months is the fraudulent browser extension. Hackers advertise fake browser extensions related to popular crypto wallets, waiting for users to download them and install them. Once installed and the wallet connected, the hackers can then gain remote access to the wallet and can send the funds within them to themselves.
A recent example was an XRP holder who lost her entire holdings when she installed a well-known fraudulent Ledger extension for Chrome. No sooner had she inputted her wallet password than the tokens were shipped off to the hacker’s address.
You can protect yourself from these fraudulent addons by checking with the wallet maker first through their website or social media that the extension is legitimate before installing anything.
As well as hacking your wallet and stealing your power, hackers can also use an exploit that changes the recipient’s address when you want to send some cryptocurrency through your browser.
These are in fact clipboard monitors that keep an eye on what you’re copying and pasting, replacing any addresses they see with their own. The end result is that the hacker gets the funds while you refresh Etherscan and try to work out why your transaction hasn’t arrived.
The best way to guard against these kinds of hacks is to double check the first and last 4-5 digits of the recipient address before you send. Should you spot anything suspicious your computer will need an entire anti virus sweep, or potentially an entire reset.
Scratching the Surface
These are just three ways hackers can exploit your browser to steal your funds, with the threats evolving at a rapid rate. Should you want to give yourself extra protection you could consider crypto-specific browser addons like the free UPPward from the recently award-winning stable of products from Uppsala Security. These products use a frequently updated database to monitor your browser in real time for the latest threats and warn you if they come across anything.
In general you should ensure you have effective antivirus software installed on all computers and that you keep an eye on sites like FullyCrypto to keep up to date with the latest exploits.