PANews reported on August 8th that, according to Cointelegraph, cybersecurity firm Koi Security revealed that a hacker group called GreedyBear stole over $1 million in cryptocurrency through a three-pronged attack. The group employed a combination of browser extensions, malware, and scam websites, deploying over 650 malicious tools. Technical details revealed that the attackers released over 150 malicious extensions impersonating popular wallets like MetaMask on the Firefox store, using a "extension hollowing" technique to pass review before inserting malicious code. They also distributed nearly 500 cryptocurrency-themed malware samples, primarily through Russian pirated software websites. They also established a network of specialized scam websites impersonating hardware wallets and other products.

It's worth noting that all attacks were centrally controlled through a single IP server, and some code appears to have been generated using AI for rapid iteration. Cybersecurity experts warn that this marks a new stage of industrialization in cryptocurrency cybercrime and call on app stores to strengthen their review mechanisms.