Shitcoin Wallet strives to scrape data from other open windows and send it to a remote server. On December 30, cybersecurity and fraud expert Harry Denley warned of a potential breach in a tweet:
Extension-native wallet create also sends secrets to their backend!
Bad guys: erc20wallet[.]tk
ExtensionID: ckkgmccefffnbbalkmbbgebbojjogffn pic.twitter.com/TE2iw5d8Md
— harrydenley.eth ◊ (@sniko_) December 31, 2019
Binance and IDEX are on the hit list
This cryptocurrency browser wallet has targeted several cryptocurrency websites. Cryptocurrency exchanges Binance and IDEX are on the hit list for this code. Other sites on the target code list are MyEtherWallet, NEO Tracker, and Switcheo. Special codes find passwords and private keys.
The code looks for other browser windows, opening on the websites of some exchanges and Ethereum network tools. The information was then sent to a remote server identified as erc20wallet.tk, a top-level domain address belonging to Tokelau, a South Pacific Islands group that is part of New Zealand territory.
Shitcoin Wallet announced the launch of its new desktop app
According to a blog post by the company, the Ethereum wallet, launched on December 9 and claimed to have more than 2,000 users, is a web-based wallet that has a number of extensions for different browsers.
The website also creates an important thing about your private key that is only stored on your local PC, and there is no need to worry about losing any property due to any hackers attacking ShitcoinWallet’s servers.
Although those users may have received a bit of free ETH, they are now vulnerable to the deletion of compromised data and personal information.
- Ethereum Parity Is Calling On Its Node Operators To Update Their Nodes To Consolidate
- Ethereum Research Scientist Virgil Griffith Will Be Released On Bail With A $ 1 Million Bond