suspect chrome extension data breach- need access logs


bacool b

Sep 7, 2021, 4:52:29 PM
to Chromium-dev
Hi, I suffered a major crypto hack of 2 personal self-custody wallets of mine last Thursday and I now believe it was due to a Chrome extension accessing personal data on my MacBook desktop (and reading secret keys of said wallets). Why have I narrowed it down to this as the attack vector? Because the day before the hack, the only thing I did was install 2 wallet extensions on my Chrome browser.

No, these were not fraudulent extensions with which I got phished, but these were the original proper extensions I have verified. And I did not fund these 2 wallets, it is my other unrelated wallets that got hacked (Exodus, Metamask) and I believe it is because there is likely a way a Chrome extension, and therefore its developer or another affiliated person, can access personal data.

The data in question was my secret keys stored in a text file on my Mac desktop. This has been here for months and there has not been any issue prior to this, and the fact that this happened the day after I installed 2 new extensions points to this hypothesis.

No, I was never phished nor entered my secret keys online ever in any way - I have never done this and would never do this. No, this was not due to a rogue smart contract that zapped my wallet (because that would not explain how several entire wallets got hacked) and no, it was not due to some keylogger or other malware (have done many scans with several pieces of software, all negative).

So my question: Either GeroWallet or Phantom Wallet apps have accessed data on my Mac desktop in some way.

How can I verify if this has happened, maybe through some logs Chrome stores, identify when it happened via any logs Chrome would store of said access, and keep said proof?

Thank you for your help!