A simple, general-purpose cryptocurrency wallet that is accessible through the browser has been found stealing the private keys of its users' wallets. The Shitcoin browser extension is just another crypto stealer, hiding in plain sight and deploying malicious code whenever possible.

Like other players in this space, the makers of Shitcoin wallet promised their users absolute privacy and then did the opposite. Although it claims to support multiple browsers, it is currently available only for Chrome and as an app for Windows. The wallet already has 600+ installs from the Chrome store and can potentially steal users' cryptocurrencies.

This Ethereum-based wallet supports transacting and storing Ether and numerous ERC20 tokens, which are issued through ICOs and built on the Ethereum blockchain. While it promises to store the private key on the user's computer, it injects malicious code that steals the private key and sends it back to the hacker's base, erc20wallet.tk.


After being loaded from a remote server, the JavaScript code targets 77 sites, injecting itself further to steal credentials. It also steals users' login credentials for popular services such as MyEtherWallet, Binance, Idex.Market, NeoTracker and Switcheo.exchange and sends them back to the hacker's base. It is sophisticated enough that both the 32-bit and 64-bit extensions of this wallet are flagged as fraudulent by only a few of VirusTotal's antivirus engines.

It is not yet clear whether the Chrome extension was compromised or whether its makers did this intentionally, but it has the potential to do serious damage. Harry Denley, director of MyCrypto, was the first to surface this and detailed it in his blog post. As ZDNet reported, Shitcoin operates as follows:

  • Users install the Shitcoin extension.
  • The extension then requests permission to inject the malicious JavaScript code on several websites.
  • When users navigate to any of these targeted sites, the extension injects code sourced from https://erc20wallet.tk/js/content_.js, which activates on crypto exchanges.
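
A defender-side check for the behaviour listed above, as an added example that is not code from the extension, MyCrypto or ZDNet: it audits an unpacked extension's manifest for host access to the wallet and exchange sites the article names, and its files for references to remotely hosted JavaScript. The hostnames in `WATCHED_HOSTS`, the sample manifest and the sample loader line are constructed assumptions; only the erc20wallet.tk URL comes from the article.

```javascript
// Added example. Hostnames for the services the article names are assumptions.
const WATCHED_HOSTS = ["myetherwallet.com", "binance.com", "idex.market",
                       "neotracker.io", "switcheo.exchange"];

// True if a Chrome match pattern (e.g. "*://*.binance.com/*") covers `host`.
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?|wss?|ftp|file):\/\/([^/]*)\//.exec(pattern);
  if (!m) return false;
  if (m[2] === "*") return true;
  const wildcard = m[2].startsWith("*.");
  const base = wildcard ? m[2].slice(2) : m[2];
  // Exact host, a named subdomain of it, or a wildcard over a parent domain.
  return base === host || base.endsWith("." + host) ||
         (wildcard && host.endsWith("." + base));
}

// Collect remotely hosted .js URLs referenced anywhere in the extension's files.
function remoteScriptUrls(sources) {
  const re = /https?:\/\/[^\s"'`)]+\.js\b/g;
  const hits = [];
  for (const [file, text] of Object.entries(sources))
    for (const url of text.match(re) || []) hits.push({ file, url });
  return hits;
}

function auditExtension(manifest, sources) {
  const patterns = [
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []),
    ...(manifest.content_scripts || []).flatMap((cs) => cs.matches || []),
  ].filter((p) => p === "<all_urls>" || p.includes("://"));
  const exposedHosts = WATCHED_HOSTS.filter((h) =>
    patterns.some((p) => patternCoversHost(p, h)));
  const remote = remoteScriptUrls(sources);
  return { exposedHosts, remote,
           suspicious: exposedHosts.length > 0 && remote.length > 0 };
}

// Constructed sample input, not the real extension's files.
const sampleManifest = {
  manifest_version: 2,
  permissions: ["storage", "*://*.binance.com/*", "https://www.myetherwallet.com/*"],
  content_scripts: [{ matches: ["*://idex.market/*"], js: ["loader.js"] }],
};
const sampleSources = {
  "loader.js": 's.src = "https://erc20wallet.tk/js/content_.js";',
};
console.log(auditExtension(sampleManifest, sampleSources));
```

An extension that has host access to wallet or exchange sites and also references scripts hosted off-store deserves manual review, since the remote code can change after installation.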

