Posted on

Google Yanked MetaMask From the Chrome Store, Left a Phishing Scam Up

It was “an interesting wake-up call.”

That was how Kevin Serrano, an employee at ethereum startup and incubator ConsenSys, described the revelation that MetaMask had been removed from Google Chrome’s web store in a recently published blog post.

MetaMask, a Consensys “spoke,” is an ethereum wallet that also serves as a bridge between web browsers and the ethereum blockchain. A little after 10:00 a.m. EDT Wednesday morning, the MetaMask team announced on Twitter that the extension had been removed from the Chrome store.

The team received no explanation for Google’s action, according to Serrano, or even notification that it had happened – though he added that it’s possible the email bounced. The extension was restored to the web store around five hours later. According to Serrano, Google explained that delisting MetaMask had been an “error.”

And in this way, Serrano said it became clear:

“For a product that enables decentralized technology, [MetaMask] has centralized points of failure.”

It’s an issue blockchain entrepreneurs have grappled with since the industry first started testing its ideas.

One of the fundamental merits of blockchains and the decentralized applications built on top of them is that no single party can take down or censor them. Yet, this theoretical quality is frequently rendered moot, however, where blockchain networks meet the legacy web or financial system.

Centralized exchanges, where fiat currency is converted into cryptocurrencies, are the most commonly cited example of where censorship-resistance and decentralization fail in practice.

But this incident has highlighted another such choke point: app stores.

Making the app available to users, Serrano continued, requires “placing our trust in browsers, GitHub and the people deploying in order to keep the system working.”

Phishing frenzy

It’s not only the trust required to keep the extension open to the most users (sufficiently technically savvy users could have still downloaded it on Chrome), but also the fact that the action opened up opportunities for scammers – an endemic problem in the cryptocurrency space.

With MetaMask proper removed, Serrano wrote, “What was left when one searched the term ‘MetaMask’ on the store was a few re-branded MetaMask forks and one ambiguously branded lookalike.”

Indeed, the situation presented the risk of phishing, in which attackers trick would-be users into downloading fake files that contain malware.

At one point Augur, another ethereum project, tweeted a warning not to download an extension called “MetaMask by,” which was available in the Chrome store (it has since been removed). The app “is a fake, phishing app,” the Augur team wrote, attaching an image:

metamask phishing chrome

Serrano told CoinDesk in an email that attempts to steal from users were also present on Telegram, a messaging platform popular with cryptocurrency enthusiasts, where attackers were “posing as an alternative support desk.” It appears that some users were affected by this scam, he said, as well as an unrelated one on the Google Play Store, which lists apps for Google’s Android operating system.

A Google spokesperson declined to comment on these phishing attempts.

While MetaMask continued to work on other browsers – Brave, Opera and Firefox – and those who had already downloaded the Chrome version were still able to use it, the team is looking into more decentralized alternatives such as IPFS, Serrano said.

The team also published a guide to installing the extension manually.

Fish hooks image via Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

Posted on

MetaMask Google Extension Suddenly Gets Dropped From The Chrome Store

As per a tweet from the official MetaMask team, its popular Ethereum interfacing application was suddenly removed from the Google Chrome web store.

For the uninitiated, MetaMask is an innovative plugin that allows its users to run and interact with Ethereum decentralized applications (DApps), requiring nothing but your browser and an internet connection. Many DApps and Ethereum-based consumer platforms or games utilize MetaMask as the main interface. For example, a decentralized exchange like IDEX allows you to sign in using your MetaMask account, utilizing the extension for ease-of-use in exchange transactions.

The extension can also be used as a secure wallet, allowing users to manage multiple “identities” (wallets) through its easy-to-use system.

The team behind the piece of software put it best when they stated:

Our mission is to make Ethereum as easy to use for as many people as possible.

However, as aforementioned, it was revealed that the application had been delisted from the Chrome web store, with the MetaMask team noting that they weren’t too sure why this had occurred. Issuing a PSA on the matter, the MetaMask team wrote:

PSA: MetaMask has been delisted from the Chrome Web Store. We are unsure of why this is the case and we will update everyone as we get more information. All other browsers are unaffected.

According to a tweet following the PSA, those who have the extension installed should not be affected by the Chrome delisting, with this change only affecting users who are or were looking to download MetaMask.

However, the team made it clear that they are trying to resolve this issue, most likely working with their in-house and Google Chrome developers to restore the plugin to the web store of the largest web browser in the world.

It is also important to note that the MetaMask extension is still available for users of the Firefox, Opera, and the crypto-centric Brave browsers.

MetaMask Removal Met With Confusion And Outrage

Due to the fact that this extension is used by thousands, if not tens of thousands of users, the announcement was quickly met with confusion and outrage aimed at Google Chrome.

One Twitter user said “It is time for revolution,” garnering a lot of community support in the form of tweet likes. This level of support indicates that many see this move as a hand-picked move taken against a cryptocurrency-related piece of software in a bid to beat down the crypto industry.

While another user, while not being as cynical as the other user, believed that this was an automated process that banned MetaMask due to keywords that affiliate it with crypto mining add-ons, which are banned by the Chrome web store.

For now, Chrome users looking to download MetaMask will need to stick to an alternative method proposed by the startup, requiring users to undertake some technical steps to add the extension to their browser.


Posted on

MyEtherWallet Gets Hit By CyberAttack From Google Chrome Store Hackers

MyEtherWallet (MEW), one of the most well-known services for managing Ether wallets, recently took to social media to relay an urgent message about a potential cyber attack. According to the Tweet, the Hola VPN extension was in a hacked state for five hours, allowing for the hackers to monitor the activity of some MyEtherWallet users through the extension.

Ironically enough, the VPN service meant to secure your online experience has slipped up again, with this most recent situation being Hola’s second case of bad press.

The wallet service advised that MEW users who had the Hola extension installed should immediately move their funds to a secure wallet, ensuring that the risk of attack is mitigated.

Unlike many other traditional third-party wallets, MEW takes a ‘you are your own bank’ approach, encouraging its users to take control over their own private keys. Although the MEW service has been lauded for the decentralized aspects it offers, the private key system increases the risk of fund loss/mismanagement on a user-to-user basis.

Hola VPN, a free virtual private network (VPN) service with almost 50 million users, later released a report, giving their take on the situation. The blog stated:

Yesterday our deployment team discovered that the Hola Chrome extension which was live for a few hours was not the one that our development team uploaded to the Chrome Store. After initial investigation, we found that our Google Chrome Store account was compromised, and that a hacker uploaded a modified version of the extension to the store.

The post went on to say that the version has since been taken down, and the Chrome Store account has been resecured. After ensuring that the fraudulent version was taken down, the Hola team set out to investigate the intent of the out of the blue attack.

After a few hours of investigative efforts, Hola determined that MEW users were the specific target for this attack. The cyber attack consisted of injected lines of JavaScript that allowed for the hackers to phish MEW account information, by re-directing MEW users to the hacker’s clone website.

Once figuring out the intent of the attack, Hola quickly contacted MEW and Google, making sure that the phishing website was unavailable to access.

The wallet’s team told TechCrunch that the attack seemed to originate from “Russian-based IP addresses.”

The most recent attack had some users think back to a similar situation which happened in April. Earlier this year, hackers hijacked “a couple of Domain Name System registration servers” that were linked to MEW, re-directing users to a phishing site. With this attack, the hacker was able to transfer over 215 Ethereum from unsuspecting users to his/her account.

It is still unclear how many users fell victim to the most recent attack, but one Reddit user noted that he/she lost 6000 VEN, worth around $12,000 at the time of press. MEW reaffirmed their commitment to the security and safety of its users, noting:

The safety and security of MEW users is our priority. We’d like to remind our users that we do not hold their personal data, including passwords so they can be assured that the hackers would not get their hands on that information if they have not interacted with the Hola chrome extension in the past day.


Posted on

Google Bans Crypto Mining Browser Extensions from Chrome

Google has banned cryptocurrency mining browser extensions from the Chrome store.

The U.S. tech giant announced its decision on Monday, and said that in July it will start removing existing browser extensions that facilitate mining. Other blockchain-related extensions are still allowed.

Google previously permitted Chrome mining extensions as long as they were solely dedicated to mining and explicitly informed users of their purpose. But that policy wasn’t enough to deter or keep out noncompliant add-ons.

Forum posts from The Chromium Projects – an open-source initiative started by Google to furnish source code for Chrome – show that developers have been concerned about mining extensions since last autumn.

According to Wired, Google decided to implement Monday’s ban because the majority of mining extensions submitted to the Chrome Web Store failed to comply with its sole-usage policy.

“The key to maintaining a healthy extensions ecosystem is to keep the platform open and flexible,” James Wagner, Google’s extensions platform product manager told Wired. “This empowers our developers to build creative and innovative customizations for Chrome browser users.” He explained further:

“This is why we chose to defer banning extensions with cryptomining scripts until it became clear that the vast majority of mining extensions submitted for review failed to comply with our single purpose policy or were malicious.”

The mining extension ban comes less than a month after Google announced its plans to ban cryptocurrency-related advertisements.

Clandestine cryptocurrency mining has become increasingly common in recent months, with governments and major companies alike suffering from attacks.

In February, for example, electric vehicle maker Tesla’s cloud was compromised by mining malware. U.K. government websites were also exploited by mining malware around the same time.

In January, cybersecurity firm TrendMicro discovered that Google itself was a victim, and that its DoubleClick Ads were used to distribute crypto mining malware.

Google Chrome app image via Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.