🐫Silk Road Liquidating? 🖥️ MEGA Extension Compromised — Cryptos for the Rest of Us

After staging a recovery to see Bitcoin trade over $7,300, markets fell once again with BTC back down to $6,500. This selloff could possibly be linked to the Silk Road wallet liquidating some of their tokens.

🐫 Silk Road Liquidating?

What’s the Story?

A wallet with 111,114BTC ($1bn) and similar token amounts in BCH and other forks has began moving coins out. The wallet is suspected to be linked to the Silk Road. The Silk Road was a marketplace on the dark web most commonly used for illegal drug transactions handled in BTC. As a result the operator known as ‘Dread Pirate Roberts’ (DPR) accumulated a large amount of Bitcoin.

What’s Going On?

In 2013, Silk Road operator Ross Ulbricht was arrested and convicted. It’s unclear whether this wallet is actually the Silk Road’s, but it’s been suspected for a while. The wallet has been dormant for over 4 years and 5 months, almost exactly when Ross Ulbricht was arrested.

This makes the sudden activity all the more confusing. It’s hypothesised that DPR was a pseudonym for multiple people behind the Silk Road, and not just Ross Ulbricht.

Over $110mn worth of BTC have been moved to Binance and Bitfinex so far. A large number are also being subdivided into 100 coin groups and moved around various wallets. It’s possible that the coins are being laundered. It’s also possible that they’re being split up to be put into cold storage.

Here’s the original wallet.

Why Should I Care?

With such a large amount of BTC on the move it’s got the potential to move the market. When the Mt. Gox trustee began liquidating the BTC wallets it was widely blamed for crashing the market. It’s possible that a similar scenario could occur here too.

🖥️ MEGA Extension Compromised

What’s the Story?

The Chrome browser extension for MEGA has been compromised. MEGA is a file hosting service. The extension now steals usernames and passwords for sites including Google, Facebook, MyEtherWallet, Github, and Microsoft accounts, amongst others. The stolen data is being sent to a server in Ukraine.

How did this Happen?

The source code for the MEGA extension itself was not changed. The hackers compromised MEGAs Google account used for submitting updates to the Chrome store.

“On 4 September 2018 at 14:30 UTC, an unknown attacker uploaded a trojaned version of MEGA’s Chrome extension, version 3.39.4, to the Google Chrome webstore. Upon installation or autoupdate, it would ask for elevated permissions (read and change all your data on the websites you visit) that MEGA’s real extension does not require,” reads the statement. “Please note that if you visited any site or made use of another extension that sends plain-text credentials […] while the trojaned extension was active, consider that your credentials were compromised on these sites and/or applications.”

Am I at Risk?

Browser extensions can pose a security risk. Common extensions like ad-blockers that have access to the whole browser are a prime target for similar attacks. To mitigate this risk it’s worth considering one of the following when accessing crypto/sensitive material:

  • A separate Chrome identity with no extensions or saved passwords
  • Incognito mode with extensions disabled
  • A separate browser with no extensions or saved passwords.

If you liked this issue, give it a clap or two 👏 It may just be a click for you but it gives me great motivation!