- GreedyBear uses advanced tactics to steal $1M in crypto.
- Impacted cryptocurrencies include ETH, TRX, and ERC-20 tokens.
- Attacks involve malicious browser extensions exploiting user credentials.
GreedyBear, a cybercrime group, has reportedly stolen over $1 million in crypto assets using advanced tactics, according to cybersecurity researchers on August 10, 2025.
The incident highlights vulnerabilities in digital wallets, prompting security reviews and discussions across developer platforms about improving extension verification and user awareness.
The cybercrime group GreedyBear has been accused of conducting a sophisticated campaign stealing over $1 million in cryptocurrency assets. Researchers at Koi Security identified this heist involving malicious tools and AI-generated code targeting crypto wallets.
GreedyBear employs a range of tactics including browser extensions imitating leading wallet brands. Their actions highlight a shift in cyber tactics from protocol breaches to credential theft targeting crypto holders’ private keys.
The theft primarily affected ETH, TRX, and various ERC-20 tokens stored in popular browser wallets like MetaMask. This highlights the vulnerability of user-controlled wallets to sophisticated credential-harvesting attacks.
No significant impacts on institutional treasuries or major DeFi protocols were reported. The attack caused financial disarray for retail users who stored assets in vulnerable wallet services, as their credentials were exploited.
GreedyBear’s strategy includes releasing over 650 malicious tools aimed at deceiving users. This signals a potential escalation in future technological sophistication as groups harness AI for generating complex cyber threats.
Koi Security's analysis suggests an amplification in credential-phishing tactics compared to past events like the 2024 Chrome scams. The ongoing threat urges developers to fortify extension security and user awareness efforts. In the words of Tuval Admoni, a researcher at Koi Security, “GreedyBear is leveraging over 650 malicious tools and AI-generated code to significantly enhance their cyberattack capabilities.”