Buy Crypto
Pay with
USD
USD
Buy & Sell
Hot
Buy and sell crypto via Apple Pay, cards, Google Pay, bank transfers, and more
P2P
0 Fees
Zero fees, 400+ payment options, and seamless cryptocurrency buying & selling
Gate Card
Offer easy crypto transactions globally
Markets
Trade
Basic
Advanced
Futures
Futures
Hundreds of contracts settled in USDT or BTC
TradFi
Gold
Trade global traditional assets with USDT in one place
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Futures Kickoff
Get prepared for your futures trading
Futures Events
Participate in events to win generous rewards
Demo Trading
Use virtual funds to experience risk-free trading
Earn
Launch
CandyDrop
tag
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Launchpad
Be early to the next big token project
Alpha Points
Trade on-chain assets and enjoy airdrop rewards!
Futures Points
Earn futures points and claim airdrop rewards
Investment
Community
Square
Share your post and stay informed about crypto and beyond
Live
moments live
Live crypto market analysis
Chat
Chat with crypto traders
News
What is happening in crypto
More
Promotions
Others
TradFi
giveaways
Rewards Hub
Square
Latest
Hot
News
Profile
ValidatorVikingvip

We're releasing an update on the Browser Extension v2.68 security incident that impacted users recently.



Here's what we've uncovered about how the attack unfolded and what it means for the broader Web3 ecosystem:

Our investigation reveals the attack vector exploited a vulnerability in the extension's update mechanism. The attacker managed to inject malicious code during the distribution phase, affecting users who updated to that specific version.

Key findings:

- The incident highlights a critical gap in extension security frameworks
- Update verification processes need stronger cryptographic validation
- Wallet extensions remain high-value targets for sophisticated threat actors

For the industry, this signals the need for:

1. Stricter code review protocols before release
2. Decentralized verification mechanisms for extension updates
3. Real-time threat monitoring and automated rollback capabilities

We've already implemented comprehensive patches and security hardening measures. All affected users are advised to update immediately to the latest secure version and review their wallet activity.

This incident underscores why security infrastructure in Web3 cannot be treated as an afterthought—it's foundational.
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • 8
  • Repost
  • Share
Comment
0/400
CrossChainMessengervip
· 01-02 11:19
Coming again? This time directly attacking during the update phase, pretty ruthless... No wonder a bunch of people's wallets got emptied.
View OriginalReply0
HalfIsEmptyvip
· 2025-12-31 00:56
The update mechanisms can all be bypassed; this extension really isn't good... Hurry up and update, everyone.
View OriginalReply0
RektHuntervip
· 2025-12-30 16:14
It's another problem with the update mechanism... Did you learn your lesson this time?
View OriginalReply0
TokenStormvip
· 2025-12-30 16:12
Vulnerabilities in the update mechanism? That's why I never use automatic updates; manually verifying the hash is the way to go. On-chain data shows that this round of attack affected about 3.2% of wallets. The scale of loss is far less severe than the official reports, but it's still quite alarming. Honestly, this incident exposed the soft underbelly of the entire ecosystem, but it also created arbitrage opportunities for auditing firms. The security infrastructure of the wallet extension layer is indeed inadequate, but after this patch, the risk level should be reduced to an acceptable range. I'm curious about which addresses were hacked; on-chain data speaks volumes. Whenever something like this happens, the price drops immediately. I've already seen the gas fees spike... another wave of liquidation is coming. To put it simply—if you don't own the private key, you don't own the coins. How hard is self-custody, really?
View OriginalReply0
GasFeeCriervip
· 2025-12-30 16:07
Another security incident... This time the update mechanism has a problem. It feels like Web3 infrastructure is still too fragile. Hurry up and update the version, everyone, don't get caught like last time. The update verification process must be strengthened, or we'll be on edge every day. If this kind of thing happens in CeFi, it would be a total disaster. Let's comfort ourselves a bit.
View OriginalReply0
StableBoivip
· 2025-12-30 16:05
Once again, the wallet plugin is stuck, really need to learn self-management. A reliable ecosystem doesn't have so many issues.
View OriginalReply0
MentalWealthHarvestervip
· 2025-12-30 16:01
It's another extension issue. I keep saying wallet plugins need to be monitored daily; if you're not careful, you'll get exploited. Hurry up and update, don't keep messing around. Why is it always the update mechanism that has flaws? This is really the time for infrastructure to be improved. Extensions are really a sieve; luckily, I caught this early this time.
View OriginalReply0
AirdropLickervip
· 2025-12-30 15:54
Another security incident? Wallet extensions really need to be properly managed, or our ecosystem will be doomed.
View OriginalReply0

  • Pin

Sitemap