Binance has introduced a beta version of its new wallet browser extension. This feature allows users to directly manage their crypto assets via the Chrome browser. But is it completely safe?
summary
- Binance has launched a new Chrome browser extension for Crypto Exchange wallets. This splits the access key into three separate shares.
- Hackers often create fake browser extensions and websites to infiltrate traders’ devices and access crypto wallets.
On August 26th, Binance introduced a beta version of the feature that allows users to manage crypto assets and communicate directly with DAPPS and other Web3 features through a web browser. The extension employs what is called keyless multi-party computing technology, which eliminates the need for a single traditional private key.
Instead of one long private key, MPC splits it into multiple fragments or “shared”. This is stored by various parties or devices. For this browser extension, the technology generates three individually stored key shares, eliminating one access point.
Users can log in to their account and unlock the keyless browser feature by scanning the system-supplied QR code. Alternatively, users have the option to import an existing wallet using a seed phrase or private key. The extension places all existing wallets in one place.
Additionally, this extension allows users to connect DAPPs and manage assets across multiple chains. First-time users will need to set a password to activate the browser extension. Currently, the extension is only available on Google Chrome. Exchange claims that more browser support will be added in the future.
According to the notification, the session will automatically expire within 24 hours of inactivity, with a maximum login period of 48 hours. However, this may change as Exchange prepares to deploy more tweaks after the beta version.
You might like it too: Binance grants the right to prevent custody of the Spanish Bank BBVA Crypto “FTX 2.0”: Report
What are the safety risks for Binance’s keyless MPC browser extension?
Keyless MPC reduces significant risk by spreading the private key across three shards, but also opens up new attack surfaces. This is primarily related to browser extensions and device login flow.
Hackers are becoming smarter, and many of them are trying to find a loophole to access trader’s crypto wallets. Many of them have launched full-scale campaigns aimed at crypto traders. Use of hidden malware on websites, or using browser extensions that pretend to be major crypto exchanges.
Binance was one of the crypto exchanges used as a frontline for bad actors to seduce crypto traders considering setting up an account. Without you knowing, you just have to go to fake binance sites that steal user data and permeate your devices. The same can be said for users who are downloading fake Chrome extensions that provide login QR.
Another access point that hackers can exploit comes from the extension itself of the browser that is being hijacked. If your extension has a wide range of host permissions or content scripts, malicious updates allow you to read the page, insert requests, or traders to trick you into approving the transaction.
If your browser or device is already infected with malware, bad actors can easily intercept requests and access the wallet seed phrases if the save password option is enabled. If a user chooses to import an existing wallet via the extension, the hacker may have access to all wallets in one location.
Users can mitigate these risks by verifying that the downloaded Chrome extension is an official extension issued by Binance. Additionally, users should always check the QR and make sure the site’s origin is correct before proceeding to scan the code.
You might like it too: Malware, which equips major crypto companies, targets over 10 million people worldwide
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
