Seychelles-based OKX has issued a warning regarding the spread of unauthorized OKX wallet add-ons that are currently available in the Firefox plug-in store. According to user reports, the fraudulent browser extension adds third-party functionality to the website’s browser interface.
Although the Firefox plug-in store has recorded less than 100 downloads at the time of writing, the cryptocurrency exchange immediately issued a statement warning users that it has not released any Firefox extensions.
OKX releases official statement
OKX management responded immediately to reports of fraudulent extensions and used its official Twitter/X page to warn and advise its users. In a post shared on January 8, OKX said the company has not formally released an official browser extension for its wallet and asked people who mistakenly downloaded the extension to immediately secure and transfer their digital assets.
[Ważne ogłoszenie]We have noticed that fraudulent OKX Wallet plugins have recently appeared in the Firefox plug-in store. Note: OKX has not officially released any plug-ins for Firefox⚠️
If you have used this malicious plugin, transfer the appropriate wallet resources immediately. We have filed a complaint with Firefox officials. … pic.twitter.com/GjImvSA35l
— OKX中文(@okxchinese) January 8, 2025
OKX added that it has already filed a complaint with Firefox. The team further suggested that users download any plugins from its official website and asked followers to report any suspected fraudulent products or tools.
Bogus browser plug-ins now used for attacks and phishing
Bogus browser extensions are a growing problem on the Internet and have a huge impact on the financial community. Malicious browser extensions, such as fraudulent OKX wallet add-ons, can allow unauthorized access to financial information, account credentials, and other data.
Reports have shown that dishonest criminals also utilize these fraudulent browser extensions for phishing activities that attempt to trick users into sharing their login credentials.
Over $1 billion in losses from phishing scams in 2024
According to Certik, hackers used phishing to steal cryptocurrencies from unsuspecting victims in 2024 in his Hack3d: The Web3 Security Report 2024security firm has released a list of costly and notorious cryptocurrency scams and threats. According to the company, the industry lost more than $1 billion, accounting for 296 phishing scams, a 21% boost over 2023 data.
Hacking incidents in 2024 as recorded by month. Source: CertiK
In September 2024, fellow security firm McAfee discovered malware targeting Android mobile phones. The malware, called SpyAgent, appears to be a legitimate Android app, but it was a scam that affected nearly 300 fraudulent apps. This malware uses optical character recognition (OCR) technology to scan images and steal personal information, including cryptographic codes.
On September 19, 2024, Decentraland lost access to its social media page. After taking control of Decentraland’s Twitter/X account, hackers used it to promote phishing activities, luring unsuspecting users into clicking fraudulent links. Users who click on these fraudulent links have lost some or most of their digital assets due to malware.
In the case of OKX, there were no reports on how many users were affected or whether these fraudulent browser extensions compromised their digital assets.
Featured image from SCMP, chart from TradingView