Jan 3, 2020 02:30 UTC
Jan 3, 2020 at 02:30 UTC
Extension-native wallet create also sends secrets to their backend!
Bad guys: erc20wallet[.]tk
ExtensionID: ckkgmccefffnbbalkmbbgebbojjogffn pic.twitter.com/TE2iw5d8Md
— harrydenley.eth ◊ (@sniko_) December 31, 2019
As indicated by Denley’s tweet, the Ethereum based crypto wallet software, Shitcoin Wallet is targeting MyEtherWallet, Binance and other well-known sources containing users’ credentials such as passwords and private keys to cryptocurrency.
Shitcoin Wallet Has Suspicious Features
Yes, that’s the truth. Shitcoin wallet was actually built for trouble online. As the name itself implies that it’s better to stay away from this Ethereum Wallet, Shitcoin Wallet reportedly contains some suspicious added features. According to the reports, this Ethereum Wallet was launched on December 9, 2019 and claims to have more than 2000 users. It is a web-based wallet comprising several extensions for different browsers.
A company blog post notes –
“It is a web wallet which has several extensions for different browsers, which I will discuss further in the article.”
While the users might have received a small amount of free ETH, they have certainly compromised their personal data and have it scraped leaving it vulnerable to be used remotely.