A Chrome extension that promises to remove ads from a Bitcoin-related site is offering an additional feature users’ are unlikely to want, and that’s the theft of their Bitcoin’s when they attempt to make transfers on a number of leading Bitcoin exchanges.
The BitcoinWisdom Ads Remover is an extension that removes ads from BitcoinWisdom.com, a site more and more users are finding useful as it provides Bitcoin-related statistics in easy-to-understand charts.
It actually does remove the ads on the site, but according to Bitcoin exchange Bitstamp, Inc., the extension contains malicious code that redirects payments made by a user to its own Bitcoin address, when using the Bitstamp, BTC-E, and Hashnest services.
Be careful! We have uncovered a Chrome extension called BitcoinWisdom Ads Remover that will try to steal your #bitcoin.
— Bitstamp (@Bitstamp) March 11, 2016
The extension specifically swaps out QR codes that are used by these services for payments, meaning that a user won’t realize that the Bitcoin address has been changed; QR codes are becoming more commonly used by exchanges for Bitcoin payments as Bitcoin wallet addresses themselves include extremely long strings or characters that aren’t nearly as user friendly as a QR code instead.
Most hacks of Bitcoin wallets usually involved one of two methods: hacking the site hosting them directly or hijacking the computer of a user through a phishing attack or similar to intercept payments on the machine.
This new method falls somewhere in between, hijacking a browsing session with a simple, yet difficult to notice replacement of an address right under a Bitcoin wallet owners own nose.
Given the hatred many site owners have towards ad blockers, it’s also a little bit ironic that those trying to deny advertising revenue to sites are then stolen from themselves, but that’s an argument for another day.
At the time of writing the extension has been removed from the Google Chrome Web Store, but anyone still running the extension is advised to remove it immediately, and check to make sure any Bitcoin payments they have made since installing it haven’t been hijacked in the process.