Crypto Roundup: Harmful Firefox Extensions

Information Security Media Group regularly reviews cybersecurity incidents related to digital assets. This week, highlights include the discovery of over 40 malicious Firefox extensions targeting cryptocurrencies, the sentencing of three individuals in Belgium for the kidnapping of a crypto investor’s spouse, and a notable rise in crypto theft. Additionally, the U.S. Secret Service emerges as a primary custodian of cryptocurrency, with prosecutors working to recover funds stolen by a fraudulent committee posing as a presidential inauguration entity.

See Also: OnDemand | NSM-8 Deadline July 2022: Keys for Quantum-Resistant Algorithms Implementation

A security researcher has revealed a significant crypto scam campaign, dubbed FoxyWallet, which has employed more than 40 deceptive Mozilla Firefox extensions to swindle users of their cryptocurrency. These extensions falsely imitate legitimate wallets associated with platforms such as Coinbase, MetaMask, Trust Wallet, Phantom, and Exodus.

The fraudulent activity begins when users download these rogue extensions, permitting the exfiltration of their wallet credentials and IP addresses from their browsers. This scheme has been in operation since April and continued to expand until June, with the researchers attributing it to a group of Russian-speaking hackers.

A Belgian court has sentenced three adults to 12 years in prison each for their involvement in the abduction of the wife of Stéphane Winkel, a crypto investor and coach. The presiding judge also mandated that the perpetrators pay damages exceeding one million euros to the victims, according to local reporting from Dernière Heure.

The incident occurred in December 2024 when Winkel’s wife was forcibly taken outside their residence in Forest, with the kidnappers demanding a ransom. Law enforcement swiftly responded, leading to the capture of the van carrying the abductors near Bruges. Authorities have arrested multiple suspects, including a teenager, while investigations continue to locate the orchestrator of the crime.

Crypto theft has surged in 2025, with thieves reportedly stealing approximately $2.1 billion worth of digital assets in the first half of the year, as suggested by TRM Labs. The most significant breach involved Dubai-based crypto exchange Bybit, which was reportedly executed by North Korean hackers and accounted for almost 70% of the total losses during this period, increasing the average size of a hack to $30 million.

While North Korean hackers remain a prominent threat, other nation-state actors are emerging, as highlighted by the June breach of Nobitex, Iran’s top crypto exchange, allegedly executed by the hacker group Gonjeshke Darande, suspected to be linked to Israeli intelligence.

According to Bloomberg, the U.S. Secret Service has successfully recovered nearly $400 million in cryptocurrency from criminal operations over the past decade, with a significant portion secured in a single cold-storage wallet. This positions the agency as a preeminent crypto custodian, following its historical involvement in early cryptocurrency regulation efforts involving entities like Liberty Reserve and E-Gold.

The U.S. Department of Justice is aiming to reclaim Ethereum that was seized by the FBI linked to a business email compromise scheme impersonating the Trump-Vance Inaugural Committee. U.S. Attorney Jeanine Ferris Pirro has filed a complaint to retrieve 40,353 USDT.ETH, worth over $40,300 intended to reimburse a victim who unknowingly donated $250,300 in cryptocurrency to the fraudulent committee.

Victims were misled by an email masquerading as communication from Steve Witkoff, co-chair of the Trump-Vance Inaugural Committee. The FBI traced the fraudulent activity to Nigeria, recovering a portion of the stolen funds. U.S. authorities caution all donors to thoroughly verify the legitimacy of cryptocurrency transfers, given the complex nature of blockchain transactions that complicate efforts to regain lost assets.