Scammers to Replace MEGA Extension to Steal Crypto

MEGA is a popular file exchange service; scammers were able to replace its official Google Chrom extension
05 September 2018   1373

The popular file-sharing service MEGA reported a hacker attack. Attackers managed to replace the official Chromme extension of the service and to collect data on users' crypto-currency wallets.

On 4 September 2018 at 14:30 UTC, an unknown attacker uploaded a trojaned version of MEGA's Chrome extension, version 3.39.4, to the Google Chrome webstore. Upon installation or autoupdate, it would ask for elevated permissions (Read and change all your data on the websites you visit) that MEGA's real extension does not require and would (if permissions were granted) exfiltrate credentials for sites including amazon.com, live.com, github.com, google.com (for webstore login), myetherwallet.com, mymonero.com, idex.market and HTTP POST requests to other sites, to a server located in Ukraine. Note that mega.nz credentials were not being exfiltrated.

MEGA Blog

Thus, attackers could get access to the popular cryptocurrency wallets MyEtherWallet and MyMonero. Also, users' funds on the decentralized IDEX exchange are under the thread too.

Representatives of the file sharing company stressed that the fake extension was replaced by a genuine one four hours after the substitution. And an hour later, Google reacted and removed the extension from the Chrome store. Note that at the time of publication, the MEGA extension for Chrome in the official store is still not available.

Earlier it was reported that users of MyEtherWallet, using the free VPN-plugin Hola, could become victims of a hacker attack.

Societe Generale to Issue ETH DLT Based Bonds

Societe Generale SFH used the OFH security token, based on Ethereum's public blockchain to issue secured bonds for 100 million euros
24 April 2019   79

French banking corporation Societe Generale Group issued bonds in the form of security tokens, using the public Ethereum blockchain.

On Tuesday, the company announced that its division Societe Generale SFH used the OFH token to issue secured bonds worth 100 million euros. According to the investor services of the rating agency Moody’s, Societe Generale turned out to be the “sole investor” of the financial instrument and did not involve any third-party participants in its purchase.

A bond is issued for a five-year term with a 12-month grace period. The security presented by a token gives its holder the same rights as that issued in traditional form.

Moody’s argues that the use of the blockchain can have a positive effect on the rating of a financial institution, in particular due to increased transparency and reduced likelihood of errors resulting from the difficulties and the number of intermediaries involved in the process of issuing secured bonds using traditional means.

PwC auditing company acted as a technology consultant for the project, while French law firm Gide Loyrette Nouel provided legal support.

Earlier this month, Societe Generale-owned private bank Kleinwort Hambros announced the creation of a exchange traded note, intended for investment in the blockchain industry.