AdsPower fingerprint browser hit by a supply chain attack; cryptocurrency wallet plugins infected to steal user mnemonic phrases
Event Details
The AdsPower fingerprint browser was hacked, and some of its cryptocurrency plugins were replaced by the attackers with malicious versions that steal users' private keys and mnemonic phrases. If you performed any operations from January 21 to January 24 (UTC+8), it is recommended that you immediately move your wallet balance elsewhere to keep it safe.
AdsPower, a fingerprint browser popular as a cryptocurrency tool, recently released a security announcement stating that the browser was attacked, that some cryptocurrency wallet plugins were maliciously replaced as a result, and that the malicious versions of those plugins steal users' wallet mnemonic phrases and private keys.
Users who updated or installed cryptocurrency wallet plugins between January 21, 18:00 and January 24, 18:00 (UTC+0800) should reinstall the plugins and transfer their funds to a new wallet.
SlowMist's Cosine disclosed on X that the AdsPower breach involved stolen funds exceeding $4.1 million, mainly concentrated in four addresses.
Users who did not perform any operations during this period, or who have not received an in-app notification from the fingerprint browser, do not need to worry: the fingerprint browser team claims their accounts should be safe. Users who are still concerned are nevertheless advised to transfer their funds as well.
Attack Methods
The fingerprint browser has not yet disclosed how the hackers launched the attack, but it may be considered a supply chain attack, as the fingerprint browser is used by many Web3 users.
According to rumors, the attack replaced plugins related to MetaMask, using targeted modifications to the database to replace the wallet plugins in the AdsPower fingerprint browser's OSS, and affected over thirty thousand users.
The browser's main feature is the ability to generate and reset browser fingerprints for identity isolation. That is why many Web3 users like to use it for their operations, and why hackers chose to target it.
AdsPower responded quickly, but its response also alarmed some users who were not targeted.
The number of affected users and the amount of funds stolen have not yet been fully accounted for, but the three consecutive days of exposure have likely resulted in many investors' cryptocurrency wallets being emptied.