The Bitcoin exchange portal Bitstamp warned users over the weekend that a Google Chrome browser extension had been caught stealing Bitcoin, and that users should avoid the BitcoinWisdom Ads Remover extension, which at the time was still available in the Play store. The good news is that Google has since banned the app from the store, but if you were a user of this extension you'll probably still need to remove it from your browser yourself.
The Chrome extension was caught stealing Bitcoin when users made transfers. The extension's malicious code redirected payments to its operators' own Bitcoin address instead of the intended target, without the user noticing anything until it was too late. What Bitstamp discovered was later confirmed by Bitcoin app developer Devon Weller.
@bitstamp Confirmed. I looked at the source code. It replaces QR code images on bitcoin exchanges with its own addresses.
— Devon Weller (@wellerco) March 11, 2016
The method used to steal your Bitcoin is essentially very simple. Bitcoin addresses, sometimes referred to as wallets, are identified by a very long string. That string is both hard to remember and difficult to type, and since money is involved you wouldn't want to send it to the wrong destination. QR codes solve this with ease: you scan the code shown on the page with a smartphone that has a Bitcoin app installed, and you're good to go. This is what the malicious browser extension took advantage of, simply replacing the Bitcoin QR codes displayed on the website with its own.
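A defensive check against the QR swap described above, as an added example that is not from the article, the extension, or any exchange: it takes the text a scanner decoded from the QR code and compares it with the deposit address obtained some other way. It assumes the expected address comes from a channel the browser page cannot alter, and it handles only legacy Base58Check addresses; all function names and both sample addresses are constructed for illustration.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(body):
    return hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4]

def b58check_encode(version, payload):
    """Encode version byte + payload as a Base58Check string."""
    raw = bytes([version]) + payload
    raw += _checksum(raw)
    num, out = int.from_bytes(raw, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def b58check_decode(addr):
    """Return (version, payload), or None if addr is malformed or its checksum fails."""
    num = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:
            return None
        num = num * 58 + idx
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * zeros + num.to_bytes((num.bit_length() + 7) // 8, "big")
    if len(raw) != 25 or _checksum(raw[:-4]) != raw[-4:]:
        return None
    return raw[0], raw[1:-4]

def address_from_qr(payload):
    """Pull the address out of a decoded QR payload: bare address or BIP21 bitcoin: URI."""
    payload = payload.strip()
    if payload.lower().startswith("bitcoin:"):
        payload = payload[len("bitcoin:"):].split("?", 1)[0]
    return payload

def qr_matches_expected(qr_payload, expected_address):
    """True only if both addresses are valid and decode to the same version and hash."""
    got = b58check_decode(address_from_qr(qr_payload))
    want = b58check_decode(expected_address)
    return got is not None and got == want

# Constructed sample addresses built from dummy 20-byte hashes, not real wallets.
EXPECTED = b58check_encode(0, bytes(range(1, 21)))
SWAPPED = b58check_encode(0, bytes(range(2, 22)))
```

A swapped QR code still carries a perfectly valid address, so checksum validation alone does not catch it; only the comparison against the independently obtained address does.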
On further investigation, Devon Weller discovered that the code only targeted users of the Bitstamp, BTC-E, and Hashnest Bitcoin services.
This isn't the first time that the same extension has been caught doing so. Back in July last year, Reddit users reported similar issues with the same extension. We can only hope that it is gone for good now. This also shows that you should be very careful about which browser extensions you install, as they might do more harm than good.