Malicious 'Safepal Wallet' Firefox add-on stole cryptocurrency


Level 37
Thread author
Top poster
Feb 4, 2016
A malicious Firefox add-on named "Safepal Wallet" scammed users by emptying out their wallets and lived on the Mozilla add-ons site for seven months.
Safepal is a cryptocurrency wallet application capable of securely holding more than 10,000 types of assets, including Bitcoin, Ethereum, and Litecoin.
Although the malicious browser add-on has been taken down, BleepingComputer has seen the phishing website set up by the threat actors is still up.

$4,000 lost to malicious Firefox add-on​

"Today I browsed [through] the add-on list of Mozilla Firefox, I was searching for Safepal wallet extension to use my cryptocurrency wallet also in the web browser," explains a Mozilla add-ons user who goes by the name, Cali.

Little did Cali know what was coming for them. A few hours after installing and logging in to the add-on with their real Safepal credentials, the user saw their wallet balance drop to $0.

"I was deep in shock... I saw my last transactions and saw that [$4,000 of my funds] were transferred to another wallet. I could not believe it [was an] add-on that is deployed in the add-on list of Mozilla Firefox," continues the user in Mozilla's support forum.