OKX, a Seychelles-based cryptocurrency exchange, has raised alarms about the existence of unauthorized wallet extensions in the Firefox plug-in store. Users have reported that these counterfeit browser add-ons introduce third-party features into the site’s browser interface.
Despite only accumulating fewer than 100 downloads at the time of this announcement, the exchange quickly communicated that it has not issued any official Firefox browser extensions.
Official Warning from OKX
In response to concerns regarding fraudulent extensions, OKX utilized its Twitter/X account to inform users. On January 8th, the company explicitly stated that it has not launched any official wallet browser extension and urged those who might have unintentionally downloaded the extension to move their digital assets without delay.
【重要公告】我们注意到近期 Firefox 浏览器插件商城中出现了假冒的 OKX Wallet 插件,请注意:OKX 官方目前尚未发布任何 Firefox 插件
如果您已经使用该恶意插件请立即转移相关钱包资产,我们已经就此向 Firefox 官方投诉。… pic.twitter.com/GjImvSA35l
— OKX中文 (@okxchinese) January 8, 2025
Additionally, OKX confirmed that they have lodged a complaint with Firefox regarding these extensions. They advised users to only download plug-ins from their official website and encouraged reporting any suspicious tools.
Rise of Malicious Browser Extensions
The emergence of fraudulent browser extensions is becoming increasingly problematic and significantly affects the financial sector. Such harmful extensions, like the fake OKX wallet add-ons, can lead to unauthorized access to sensitive financial details and login credentials.
Reports indicate that cybercriminals frequently utilize these deceptive extensions for phishing schemes, which aim to deceive users into revealing their login credentials.
Phishing Scams Resulted in $1 Billion Losses in 2024
As per Certik, hackers stole cryptocurrency from unsuspecting individuals through phishing attacks in 2024. Their Web3 Security Report 2024 highlighted various costly scams, revealing that the crypto sector faced losses exceeding $1 billion across 296 phishing incidents, a 21% rise from the prior year’s figures.
Additionally, McAfee identified malware affecting Android smartphones named SpyAgent in September 2024. This malware masqueraded as a legitimate app but was part of a scheme affecting over 300 deceptive applications, using Optical Character Recognition (OCR) technology to scan images and capture sensitive information, including cryptocurrency passwords.
On September 19, 2024, hackers compromised Decentraland’s social media accounts. Once they gained access to Decentraland’s Twitter/X, they exploited it to propagate phishing attempts, tricking users into clicking malicious links. Many users fell victim to these attacks and subsequently lost a large portion of their digital assets.
Currently, there hasn’t been any confirmation regarding the number of users impacted by the fake browser extensions or whether they have suffered losses to their digital assets.
Image sourced from SCMP, data from TradingView