GreedyBear $1M Crypto Theft Dey Happen Via Fake Wallet Extensions
For di past five weeks, one Russian hacker group Wey dem dey call GreedyBear don run one big crypto theft campaign, wey dem don steal over $1 million digital assets. Di attackers deploy 150 bad Firefox extensions and almost 500 Windows executable wey dey carry malware to phish for wallet credentials. Dem use one "Extension Hollowing" tactic, wey dem swap real add-ons with fake MetaMask, Exodus, Rabby Wallet and TronLink plugins to collect private keys. People wey install dis phishing browser extensions no sabi say dem give their keys, wey allow direct money transfer. More malware — like LummaStealer, ransomware and trojans — spread through pirated software sites. Almost all bad domains point to one central IP (185.208.156.66), wey serve as command-and-control hub for stolen data and payloads. Koi Security CTO Idan Dardikman confirm say Firefox extensions na di campaign most profitable attack vector. Dis crypto theft show say phishing risk still dey, and traders need to check extension sources well, audit installed plugins regularly, and download only from official channels to keep wallet safe.
Bearish
Dis news say GreedyBear thief $1M crypto no good for di market. High-profile phishing attacks dey kill trader confidence and increase di risk wey people dey feel. For short term, di victims fit sell their holdings because dem dey fear security, dis one go cause sell pressure. For long term, repeated breaches fit slow market adoption and trading volume, e go make di security measures strong but e go reduce speculative inflows till confidence come back.