Crypto Traders, You Are So Close to Losing Your Crypto (and How to Fix It in a Minute)

Depositing to an Exchange (and the Risks)

You’ve got $100 worth of Bitcoin (0,0018 BTC as of today) sitting in a wallet. You’re thinking, “Maybe I should try my luck at trading”. Can’t blame you!

BTC address as shown in the Binance.com “deposit” tab

Address Spoofing — How It Works

The address you just sent bitcoin to was not your Binance BTC address. It wasn’t mine either, I’m an innocent dude. Actually, you can’t tell whose address it was, since it’s all anonymous (that’s kind of the point). You also cannot complain to anyone, because no single body has authority or governance over Bitcoin.

Blame your Chrome Extensions

Have you ever used AdBlock? I’m sure you do. So let me spoil it — it probably wasn’t AdBlock. But technically speaking, any Chrome Extension you install can steal your crypto.

A harmless Chrome Extension

How would such extension work?

I don’t want to assume all of my readers are coders. Therefore, here is a GitHub repository with sample code, for the technical folks(educational purposes only!).

  1. Waits for the Binance Crypto Deposit screen to load (“https://binance.com/…/…/…/deposit/crypto/BTC”)
  2. Extracts the “symbol” of the token from the address (note the “BTC” at the end).
  3. Maps the token to a list of pre-defined wallet addresses, to find a matching wallet.
  4. Once the page has loaded, and the real wallet address has been rendered on the screen, the script will replace the text with the hijacker’s wallet address.

Will this work on any exchange?

The answer is yes, as long as it is web-based.

The Solution

I can’t stop you from using Chrome Extensions. In fact, I am using dozens of extensions as this helps me with my daily job as a Software Engineer.

How do I create a new profile?

It’s incredibly simple. At the topbar, you’ll see a “People” menu. Click that, and select “Add Person”.

Chrome “People” menu

About me 👨🏻‍💻

My name is Ariel Weinberger. I currently work as an Engineering Lead for Abcam. Over the past two years, I have produced two online software engineering courses on Udemy and so far have educated over 110,000 students worldwide. Programming and education are my passions.

Wanna thank me?

You don’t have to. But if you insist 😉

Resources

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Ariel Weinberger

Ariel Weinberger

Passionate about education in Software Engineering. Bestselling Udemy instructor. Self-taught Software Engineer and Engineering Manager.