Fake Firefox Add-On Stole Users’ Crypto

A slew of Firefox users has fallen victim to a bogus add-on that was masquerading as a legitimate extension of a cryptocurrency hardware wallet called SafePal, Bleeping Computer reports.

One of the victims, who goes by the name of Cali, was shocked to discover that all of the funds went into the hands of scammers:

I was deep in shock…I saw my last transactions and saw that [$4,000 of my funds] were transferred to another wallet. I could not believe it [was an] add-on that is deployed in the add-on list of Mozilla Firefox.

It is unclear how many other Firefox users were deprived of their funds after downloading the malicious extension. The add-on was operational since mid-February before it was removed just recently.

A bunch of negative reviews from disgruntled users should have been a warning sign.


The user who was scammed by bad actors claims that the police are not capable of tracing the hacker.

Potential victims are tricked into entering their recovery phrases, making it extremely easy for hackers to pilfer their holdings.

What’s more, the phishing domain associated with the fraudulent add-on is still live.

Hacks and scams remain prevalent in the cryptocurrency industry. As reported by U.Today, Bitcoin.org, the very first Bitcoin website that was registered by Satoshi Nakamoto, suffered a security breach four days ago.

Earlier this month, a fake YouTube stream of Apple’s annual event promoting a Bitcoin giveaway reached roughly 170,000 viewers before it was shut down.