LIVE
Strategy Pauses Bitcoin Buys Until Preferred Shares RecoverBitcoin Held Inverse U.S. Dollar Correlation in Q2 2026SEC Approves Increase in BlackRock IBIT Options LimitCzech Republic Orders ISPs to Block PolymarketSBI launches Japan's first tokenized equity fund on SolanaInteractive Brokers Expands Crypto Trading and Transfers: ReportSpot Ethereum and Solana ETFs Edge Closer After S-1 UpdateStrategy Sold $466M of MSTR Stock While Bitcoin Reserves Stayed FlatSBI Holdings and Solana Launch Market in JapanThailand Reportedly Audits High-Volume Tether USDT TransfersStrategy Pauses Bitcoin Buys Until Preferred Shares RecoverBitcoin Held Inverse U.S. Dollar Correlation in Q2 2026SEC Approves Increase in BlackRock IBIT Options LimitCzech Republic Orders ISPs to Block PolymarketSBI launches Japan's first tokenized equity fund on SolanaInteractive Brokers Expands Crypto Trading and Transfers: ReportSpot Ethereum and Solana ETFs Edge Closer After S-1 UpdateStrategy Sold $466M of MSTR Stock While Bitcoin Reserves Stayed FlatSBI Holdings and Solana Launch Market in JapanThailand Reportedly Audits High-Volume Tether USDT Transfers
Homepage/News/GreedyBear Cybercrime Group Steals $1 Million in Crypto
NEWS

GreedyBear Cybercrime Group Steals $1 Million in Crypto

BY Joshua Trelawen·2 MIN READ·AUGUST 10, 2025

Cybercrime group GreedyBear has reportedly stolen over $1 million in cryptocurrency through a complex campaign targeting Firefox browser users earlier this year.

KEY FINDINGS - EVIDENCE LEVEL: MULTI-SOURCE
1Key sections mapped in this report
0Internal references connected to related coverage
4External source domains cited in the article
2 minEstimated time to read the full report
Key Points:
  • GreedyBear conducts coordinated crypto theft using fake browser extensions.
  • Over $1 million stolen in cryptocurrency.
  • Experts urge stronger security measures for browser wallets.
MAGA

The actions highlight vulnerabilities in browser-based wallets, urging higher security vigilance as cryptocurrency becomes more mainstream.

GreedyBear’s Sophisticated Scheme

GreedyBear, a cybercrime group, engineered a highly coordinated campaign to steal over $1 million in cryptocurrency. They utilized fake browser extensions and malware targeting major wallet platforms. The operation bypassed defenses on the Firefox browser marketplace, affecting numerous users. The group’s tactics included the creation of over 150 fake browser extensions mimicking popular wallet platforms like MetaMask and TronLink. Expert Tuval Admoni, Security Researcher at Koi Security, emphasized the multi-faceted nature of their approach, combining various attack vectors for effectiveness.

“Most groups pick a lane — maybe they do browser extensions, or they focus on ransomware — GreedyBear said, ‘Why not all three?’ And it worked. Spectacularly.” — Tuval Admoni

Impact on Users and Call for Security

Retail users suffered the primary impact of GreedyBear’s attack, as the stolen funds were withdrawn from individual crypto wallets. The attack has prompted security experts to call for more rigorous approval processes for browser extensions, highlighting existing vulnerabilities. The incident has severe implications for the security of crypto assets, particularly those stored in non-custodial wallets. An increase in malicious activities exploiting digital wallet platforms raises concerns over the future security of decentralized finance ecosystems.

Need for Enhanced Security Measures

The GreedyBear cyber attack demonstrates the need for enhanced security measures in the cryptocurrency industry. Increased vigilance and advanced security protocols could mitigate similar threats. Experts suggest more robust extension review processes to protect user assets effectively.

Luvid, Researcher, remarked on the nature of these attacks, “These attacks exploit user expectations and bypass static defenses by injecting malicious logic directly into wallet UIs.” This highlights the pressing need for developer transparency and user vigilance to counter such sophisticated threats.

Disclaimer:

The content on The CCPress is provided for informational purposes only and should not be considered financial or investment advice. Cryptocurrency investments carry inherent risks. Please consult a qualified financial advisor before making any investment decisions.
SOURCE TRANSPARENCY
  • External Source - Referenced domain: buy.magacoinfinance.com
  • External Source - Referenced domain: ainvest.com
  • External Source - Referenced domain: twitter.com
  • External Source - Referenced domain: cryptotimes.io
  • Byline - Reported by Joshua Trelawen
  • Coverage Desk - Primary editorial category: News
GreedyBear Cybercrime Group Steals $1 Million in Crypto | TheCCPress