GreedyBear Firefox Hack Steals Over $1M in Crypto

    By

    Hanan Zuhry

    Hanan Zuhry

    GreedyBear Firefox hack uses fake extensions to steal over $1 million in crypto. Find out how the attack worked and how to protect yourself.

    GreedyBear Firefox Hack Steals Over $1M in Crypto

    Quick Take

    Summary is AI generated, newsroom reviewed.

    • GreedyBear hackers stole over $1 million using 150 fake Firefox extensions.

    • The attack used a new method called Extension Hollowing to bypass Firefox security.

    • Infected extensions quietly targeted users’ cryptocurrency wallets and private keys.

    • Experts recommend only installing trusted extensions and using hardware wallets for safety.

    Hackers known as GreedyBear have pulled off a huge crypto theft, stealing more than $1 million. They used an unusual method—hijacking 150 Firefox browser extensions to trick users and steal their cryptocurrency. This clever attack used a new trick called Extension Hollowing to sneak past Firefox’s security. Cryptonews reported the details of this major breach.

    How Did GreedyBear Pull Off This Hack?

    Instead of using just one or two malware programs, GreedyBear attacked with a whole army of 150 fake Firefox extensions. These extensions looked safe and even passed Firefox’s official security checks at first. That’s why many people installed them without suspecting anything.

    The hackers used Extension Hollowing, a new technique that lets them change extensions after they get approved. They took control of these trusted extensions and secretly added harmful code. This allowed them to spy on users’ cryptocurrency wallets and steal their funds quietly.

    Why Was This Hack So Sneaky?

    GreedyBear’s attack worked because it used many extensions at once, increasing its reach. Since these extensions were on Firefox’s official marketplace, users trusted them blindly.

    Extension Hollowing also caught security teams off guard. It’s a new trick that lets hackers change approved extensions without being noticed. This means Firefox’s usual defenses didn’t catch the attack early enough.

    Who Got Hurt and How?

    Many people lost over $1 million in total because of this hack. Users who thought their extensions were safe had their crypto wallets stolen. Because browser extensions run quietly in the background, many people don’t even notice when they get hacked.

    Crypto users are especially at risk. So many people use browser extensions to access their crypto wallets or enter private keys. If hackers take control of these extensions, they can steal your passwords, change your transactions, or empty your wallet—all without you even noticing.

    How to Keep Your Crypto Safe

    This hack shows why you need to be very careful with browser extensions—even the ones from official stores. Here are some easy tips to stay safe:

    Only add extensions from developers you trust and with good reviews.

    Check your extensions often and remove any you don’t use or that seem suspicious.

    For important crypto transactions, use hardware wallets or trusted apps instead of browser extensions.

    Keep your browser and security software up to date.

    Pay attention to anything unusual in your browser, like unexpected pop-ups or slow behavior.

    What Should Browser Makers Do?

    GreedyBear’s attack is a warning for browser companies like Mozilla. They need to improve how they check and monitor extensions, especially after people install them. Finding sneaky tricks like Extension Hollowing should be a top priority to protect users. 

    Google News Icon

    Follow us on Google News

    Get the latest crypto insights and updates.

    Follow