LIVE
Thailand Expands Probe Into Chinese-Led Crypto Mining NetworkBitcoin Falls Below $59,000 After U.S. PCE Inflation ReleaseSBI Holdings Acquires Bitbank for $288.6 Million in JapanCircle and Nomura Partner to Bring Instant FX Settlement to JapanRipple Partners With SBI Group to Launch Stablecoin in JapanHyperliquid X Launches Portfolio Margin in BetaAnthropic Pre-IPO Futures Drop After Coinbase DebutEthereum Foundation Cut Staff, Slashed Budget 40%: ReportTelegram Traders See 80% Chance of Bitcoin Falling Below $55,000Charles Schwab Bitcoin Trading Rollout: What We KnowThailand Expands Probe Into Chinese-Led Crypto Mining NetworkBitcoin Falls Below $59,000 After U.S. PCE Inflation ReleaseSBI Holdings Acquires Bitbank for $288.6 Million in JapanCircle and Nomura Partner to Bring Instant FX Settlement to JapanRipple Partners With SBI Group to Launch Stablecoin in JapanHyperliquid X Launches Portfolio Margin in BetaAnthropic Pre-IPO Futures Drop After Coinbase DebutEthereum Foundation Cut Staff, Slashed Budget 40%: ReportTelegram Traders See 80% Chance of Bitcoin Falling Below $55,000Charles Schwab Bitcoin Trading Rollout: What We Know
Friday, June 26, 2026

BLOCKCHAIN • CRYPTOCURRENCY • NARRATIVE JOURNALISM

Homepage/News/GreedyBear Cybercrime Group Steals $1 Million in Crypto
NEWS

GreedyBear Cybercrime Group Steals $1 Million in Crypto

BY Joshua Trelawen·2 MIN READ·AUGUST 10, 2025

Cybercrime group GreedyBear has reportedly stolen over $1 million in cryptocurrency through a complex campaign targeting Firefox browser users earlier this year.

KEY FINDINGS - EVIDENCE LEVEL: MULTI-SOURCE
1Key sections mapped in this report
0Internal references connected to related coverage
4External source domains cited in the article
2 minEstimated time to read the full report
Key Points:
  • GreedyBear conducts coordinated crypto theft using fake browser extensions.
  • Over $1 million stolen in cryptocurrency.
  • Experts urge stronger security measures for browser wallets.
greedybear-cybercrime-group-steals-1-million-in-crypto
GreedyBear Cybercrime Group Steals $1 Million in Crypto
MAGA

The actions highlight vulnerabilities in browser-based wallets, urging higher security vigilance as cryptocurrency becomes more mainstream.

GreedyBear’s Sophisticated Scheme

GreedyBear, a cybercrime group, engineered a highly coordinated campaign to steal over $1 million in cryptocurrency. They utilized fake browser extensions and malware targeting major wallet platforms. The operation bypassed defenses on the Firefox browser marketplace, affecting numerous users. The group’s tactics included the creation of over 150 fake browser extensions mimicking popular wallet platforms like MetaMask and TronLink. Expert Tuval Admoni, Security Researcher at Koi Security, emphasized the multi-faceted nature of their approach, combining various attack vectors for effectiveness.

“Most groups pick a lane — maybe they do browser extensions, or they focus on ransomware — GreedyBear said, ‘Why not all three?’ And it worked. Spectacularly.” — Tuval Admoni

Impact on Users and Call for Security

Retail users suffered the primary impact of GreedyBear’s attack, as the stolen funds were withdrawn from individual crypto wallets. The attack has prompted security experts to call for more rigorous approval processes for browser extensions, highlighting existing vulnerabilities. The incident has severe implications for the security of crypto assets, particularly those stored in non-custodial wallets. An increase in malicious activities exploiting digital wallet platforms raises concerns over the future security of decentralized finance ecosystems.

Need for Enhanced Security Measures

The GreedyBear cyber attack demonstrates the need for enhanced security measures in the cryptocurrency industry. Increased vigilance and advanced security protocols could mitigate similar threats. Experts suggest more robust extension review processes to protect user assets effectively.

Luvid, Researcher, remarked on the nature of these attacks, “These attacks exploit user expectations and bypass static defenses by injecting malicious logic directly into wallet UIs.” This highlights the pressing need for developer transparency and user vigilance to counter such sophisticated threats.

Disclaimer:

The content on The CCPress is provided for informational purposes only and should not be considered financial or investment advice. Cryptocurrency investments carry inherent risks. Please consult a qualified financial advisor before making any investment decisions.

SOURCE TRANSPARENCY
  • External Source - Referenced domain: buy.magacoinfinance.com
  • External Source - Referenced domain: ainvest.com
  • External Source - Referenced domain: twitter.com
  • External Source - Referenced domain: cryptotimes.io
  • Byline - Reported by Joshua Trelawen
  • Coverage Desk - Primary editorial category: News
NEWS

More from News

GreedyBear Cybercrime Group Steals $1 Million in Crypto | TheCCPress