Seychelles-based OKX has issued a warning about the spread of unauthorized add-ons to OKX Wallet, which are currently available in the Firefox Plug-in Store. According to user reports, the fake browser extension adds a third-party functionality within the website’s browser interface.
Although the Firefox add-on store has recorded less than 100 downloads as of this writing, the cryptocurrency exchange immediately issued a statement warning users that it has not released any Firefox extensions.
OKX issues an official statement
OK x The administration immediately responded to reports of fake add-ons and used its official Twitter/X page to warn and advise its users. In a post shared on January 8, OKX stated that the company has not officially released an official browser extension for its wallet and asked those who accidentally downloaded the extension to secure and transfer their digital assets immediately.
(Important Announcement)We’ve noticed that fake OKX Wallet add-ons have recently appeared in the Firefox add-on store. Please note: OKX has not officially released any plugins for Firefox⚠️
If you have used this malicious plugin, please transfer the relevant wallet assets immediately. We have complained to the Firefox administrators about this. … pic.twitter.com/GjImvSA35l
— OK X 中文(@okxchinese) January 8, 2025
OKX added that they have already filed a complaint with Firefox. The team also suggested that users download any plugins on its official website and asked its followers to report any suspected fake products or tools.
Fake browser plug-ins are now being used in phishing attacks
Counterfeit browser extensions are a growing problem online and have a significant impact on the financial community. Malicious browser extensions, such as fake OKX Wallet add-ons, may allow unauthorized access to financial information, account credentials, and other data.
Reports have shown that bad actors are also using these fake browser extensions for phishing activities aimed at tricking users into sharing their login information.
Over $1 billion lost to phishing scams in 2024
According to Sertic, the hackers used phishing to steal Cryptocurrencies Of unsuspecting victims in 2024. In Hack3d: The Web3 Security Report 2024the security company shared a list of expensive and notorious crypto scams and threats. According to the company, the industry lost more than $1 billion, representing 296 phishing attacks, a 21% increase from 2023 data.
Hacking incidents in 2024 as recorded by month. Source: CertiK
McAfee, another security company, discovered malware in September 2024 that affected Android mobile phones. The malware called SpyAgent appears to be a legitimate Android app, but it was a scam that affected nearly 300 fake apps. This malware uses optical character recognition (OCR) technology to scan images and steal personal information, including encryption passcodes.
Last September 19, 2024, Decentraland lost access to its social media page. After taking control of Decentraland’s Twitter/X account, hackers used it to promote phishing activities, luring unsuspecting users into clicking on fake links. Users who click on these fake links have lost some or most of their digital assets to the malware.
As for OKX, there have been no reports on how many users were affected or whether these fake browser extensions harmed their digital assets.
Featured image from SCMP, chart from TradingView