Lately, Google had to take down an ad-removal tool named BitcoinWisdom which replaced any payment QR codes with their own wallet addresses.
After being discovered by Bitstamp, a cryptocurrency exchange, after a careful look at the add-on’s source code, news spread like wildfire and people stopped using BitcoinWisdom.
Be careful! We have uncovered a Chrome extension called BitcoinWisdom Ads Remover that will try to steal your #bitcoin.
— Bitstamp (@Bitstamp) March 11, 2016
This is a whole new thing which might threaten crypto exchange security. Normally, it would be a direct attack on the exchange but this time it is through a trader’s web browser.
According to Softpedia, BitcoinWisdom’s source code “manipulated” the QR code payment systems of various webpages with its own Bitcoin addresses and is mainly targeted at Bitstamp, BTC-E and Hashnest which all handle large quantities of Bitcoin per day.
Since QR codes never show any real address and Bitcoin addresses are always anonymous, it is really hard to actually figure out if you are sending to the right one.
In an article by Cointelegraph, a Reddit user by the name of methamphetaminic discovered that roughly 200 bitcoin addresses were going to be used for all transactions but only 3 transactions actually made their way into those addresses.
With the highest value of all 3 transactions being $32.27 USD, the scam did not really profit from that and Google has now taken it down from the Chrome store which leaves us all cautious of any more scams like this.
Tips for this type of scam?
Check first before you actually make the transaction. I always check the address to make sure it is right. Another is always be careful of all the Chrome extensions you have, Dogechain wallet warns users before they sign in always to watch their browser extensions so that security won’t be compromised.