Trade
Trading Type
Spot
Trade crypto freely
Pre-Market
Trade new tokens before they are officially listed
Margin
Magnify your profit with leverage
Convert & Block Trading
0 Fees
Trade any size with no fees and no slippage
Alpha
Points
Get promising tokens in streamlined on-chain trading
Leveraged Tokens
Get exposure to leveraged positions simply
Futures
Futures
Hundreds of contracts settled in USDT or BTC
Options
HOT
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Futures Kickoff
Get prepared for your futures trading
Futures Events
Participate in events to win generous rewards
Demo Trading
Use virtual funds to experience risk-free trading
Earn
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Launchpad
Be early to the next big token project
Alpha Points
NEW
Trade on-chain assets and enjoy airdrop rewards!
Futures Points
NEW
Earn futures points and claim airdrop rewards
Investment
Simple Earn
Earn interests with idle tokens
Auto-Invest
Auto-invest on a regular basis
Dual Investment
Buy low and sell high to take profits from price fluctuations
Soft Staking
Earn rewards with flexible staking
Crypto Loan
0 Fees
Pledge one crypto to borrow another
Lending Center
One-stop lending hub
VIP Wealth Hub
Customized wealth management empowers your assets growth
Private Wealth Management
Customized asset management to grow your digital assets
Quant Fund
Top asset management team helps you profit without hassle
Staking
Stake cryptos to earn in PoS products
Smart Leverage
NEW
No forced liquidation before maturity, worry-free leveraged gains
GUSD Minting
Use USDT/USDC to mint GUSD for treasury-level yields
More
Promotions
Activity Center
Join activities and win big cash prizes and exclusive merch
Referral
20 USDT
Earn 40% commission or up to 500 USDT rewards
Announcements
Announcements of new listings, activities, upgrades, etc
Gate Blog
Crypto industry articles
VIP Services
Huge fee discounts
Proof of Reserves
Gate promises 100% proof of reserves
Trending Topics
View More12.38K Popularity
8.51K Popularity
37.77K Popularity
91.08K Popularity
2.65K Popularity
Pin
Over 1 Million Dollars Compromised: GreedyBear's Sophisticated Browser Attack Campaign
The Russian hacker group GreedyBear has successfully orchestrated a massive cryptocurrency theft operation over the past five weeks, with losses exceeding 1 million dollars, according to a recent security report from Koi Security. The cybercriminals deployed an arsenal of 150 modified Firefox extensions, approximately 500 malicious Windows executables, and dozens of phishing pages to execute their attack strategy.
Browser Extension Exploitation: The Primary Revenue Driver
The Firefox extension campaign has proven to be the group’s most lucrative method, generating the majority of the 1 million dollars in stolen funds. The attack methodology relies on a deceptive technique called Extension Hollowing, which bypasses app store security protocols. The hackers begin by uploading legitimate-appearing versions of popular cryptocurrency wallets—including MetaMask, Exodus, Rabby Wallet, and TronLink—to distribution channels. Once users download these extensions, subsequent updates inject malicious code into the applications.
To enhance credibility, the group artificially inflates user ratings through fake positive reviews, creating a false sense of legitimacy. This social engineering layer significantly increases download rates among unsuspecting cryptocurrency users. Once installed, the compromised extensions function as credential harvesting tools, silently capturing wallet private keys and access credentials. These stolen credentials are then weaponized to drain cryptocurrency holdings from victims’ wallets.
Diversified Attack Infrastructure
Beyond browser-based threats, GreedyBear operates a parallel attack stream using nearly 500 malicious Windows executables. These files are strategically distributed through Russian software repositories that host pirated or modified applications. The executables serve multiple purposes: some function as credential stealers targeting stored account information, others deploy ransomware to encrypt victim data, and several operate as trojans designed to establish persistent system access.
This multi-layered approach demonstrates sophisticated operational planning, allowing the group to maintain multiple infection vectors and adapt to security countermeasures employed by individual users and platforms.