Crypto Wallets Targeted by Fake Extensions and macOS Malware

A new cyberattack campaign targets crypto wallets through fake Firefox extensions and advanced macOS malware. Over 40 malicious browser add-ons impersonate MetaMask, Coinbase Wallet, Phantom and Trust Wallet, relying on inflated reviews and hijacked downloads to harvest seed phrases and private keys. Simultaneously, a North Korean–linked hacking group distributes a macOS malware strain via fake Zoom updates and phishing links. The NimDoor and CryptoBot variants log keystrokes, capture screenshots and tunnel network traffic to exfiltrate Bitcoin and Ethereum holdings from self-custody wallets such as Electrum and Exodus. Traders should avoid unverified browser extensions, update macOS systems, confirm software sources, switch to mobile-only non-custodial solutions and store private keys offline. While the immediate price impact on major tokens is limited, heightened vigilance around wallet security is vital for maintaining market confidence.
Neutral
While this multi-vector attack undermines confidence in self-custody solutions, it does not directly affect blockchain fundamentals or token supply. Traders may shift to more secure wallets and non-custodial platforms, but Bitcoin and Ethereum prices are unlikely to see significant volatility from these security threats alone. Heightened caution could dampen speculative activity in the short term, yet long-term market stability remains intact as developers and users adopt stronger security practices.