Scammers to Replace MEGA Extension to Steal Crypto

MEGA is a popular file exchange service; scammers were able to replace its official Google Chrom extension
05 September 2018   2180

The popular file-sharing service MEGA reported a hacker attack. Attackers managed to replace the official Chromme extension of the service and to collect data on users' crypto-currency wallets.

On 4 September 2018 at 14:30 UTC, an unknown attacker uploaded a trojaned version of MEGA's Chrome extension, version 3.39.4, to the Google Chrome webstore. Upon installation or autoupdate, it would ask for elevated permissions (Read and change all your data on the websites you visit) that MEGA's real extension does not require and would (if permissions were granted) exfiltrate credentials for sites including amazon.com, live.com, github.com, google.com (for webstore login), myetherwallet.com, mymonero.com, idex.market and HTTP POST requests to other sites, to a server located in Ukraine. Note that mega.nz credentials were not being exfiltrated.

MEGA Blog

Thus, attackers could get access to the popular cryptocurrency wallets MyEtherWallet and MyMonero. Also, users' funds on the decentralized IDEX exchange are under the thread too.

Representatives of the file sharing company stressed that the fake extension was replaced by a genuine one four hours after the substitution. And an hour later, Google reacted and removed the extension from the Chrome store. Note that at the time of publication, the MEGA extension for Chrome in the official store is still not available.

Earlier it was reported that users of MyEtherWallet, using the free VPN-plugin Hola, could become victims of a hacker attack.

Ethereum to Unveil Muir Glacier Hardfork Date

The hardfork is desgined to delay complexity bomb acitvation and all node holders asked to update software by Dec 30, 2019
23 December 2019   306

The Ethereum Foundation website has published details of another hard fork designed to delay the activation of the so-called complexity bomb.

The update was called Muir Glacier and will be activated on block # 9200000, which is expected to be produced on January 2, 2020, depending on the speed of release of the blocks.

In a message, the lead developer of the Ethereum Foundation, Hudson Jameson, asked node holders to update their software by December 30, 2019.

The complexity bomb is a complementary Proof-of-Work algorithm for regulating the complexity of Ethereum mining, exponentially increasing its value every 100,000 blocks. By increasing the time spent in blocks, the complexity bomb is also designed to encourage participants in the Ethereum ecosystem to switch to the Proof-of-Stake (PoS) algorithm.

Earlier, Ethereum developers discussed the possibility of completely removing this mechanism, but in the end they agreed to postpone it, for which Muir Glacier hard fork will be held. After it, the activation of the complexity bomb will be delayed by 4 million blocks.

According to Etherscan, today the difficulty value is 17.15 seconds. This, although almost twice as low as in September 2017, still leads to too long a transaction processing time.