Briefing

The AdsPower platform suffered a critical supply chain attack in January 2025, leading to an estimated $4.7 million in cryptocurrency theft from its users. Attackers infiltrated AdsPower’s infrastructure to replace legitimate crypto wallet browser extensions with malicious versions, thereby directly compromising mnemonic phrases and private keys. This incident underscores the severe risk posed by software supply chain vulnerabilities, where a single point of compromise can lead to widespread user asset loss.


Context

Prior to this incident, the digital asset ecosystem had seen a persistent threat from software supply chain attacks, often targeting widely used tools or infrastructure. The prevailing attack surface includes third-party integrations and browser-based extensions, which, if compromised, can serve as a conduit for sophisticated info-stealing malware. This class of vulnerability leverages the implicit trust users place in software distribution channels, making it a high-leverage target for threat actors.


Analysis

The attack’s technical mechanics involved a precise supply chain compromise of the AdsPower browser platform. Threat actors injected malicious code, replacing legitimate cryptocurrency wallet browser plugins, such as MetaMask, with backdoored versions. Users who downloaded or updated these extensions between January 21st and 24th inadvertently installed malware designed to extract mnemonic phrases and private keys. This direct access to cryptographic secrets allowed the attackers to gain full control over affected users’ on-chain accounts and systematically drain their digital assets, demonstrating a critical failure in software integrity verification.


Parameters

  • Protocol/Platform Targeted → AdsPower Browser Platform
  • Attack Vector → Malicious Browser Extension Supply Chain Compromise
  • Vulnerability Type → Software Supply Chain Attack, Private Key/Mnemonic Phrase Theft
  • Financial Impact → Estimated $4.7 Million
  • Assets Compromised → Cryptocurrency (e.g. Ethereum)
  • Affected Components → Crypto Wallet Browser Extensions (e.g. MetaMask)
  • Detection Window → January 21-24, 2025


Outlook

Immediate mitigation for users involves urgently checking wallet integrity, revoking all permissions, and transferring assets to new, secure wallets initialized outside of any potentially compromised environment. This incident highlights the critical need for enhanced software supply chain security, rigorous integrity checks for third-party integrations, and user education on verifying extension authenticity. Protocols and platforms must implement multi-layered security controls, including robust code signing, frequent audits of distribution channels, and real-time monitoring for unauthorized modifications to user-facing components to prevent similar future compromises.
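
The integrity check for third-party extensions called for above, as an added example (not code from AdsPower, Halborn or this page): it compares an unpacked extension directory against a pinned baseline of SHA-256 digests and reports modified, added and removed files. The directory layout, the file names and the baseline's origin (recorded from the publisher's own release, outside the distribution channel being checked) are assumptions.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root, POSIX style) to its SHA-256."""
    digests = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def diff_against_baseline(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Report files that changed, appeared or vanished relative to the baseline."""
    shared = baseline.keys() & current.keys()
    return {
        "modified": sorted(f for f in shared if baseline[f] != current[f]),
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
    }


def is_intact(report: dict[str, list[str]]) -> bool:
    """True only when nothing differs from the pinned baseline."""
    return not any(report.values())


def demo():
    """Constructed sample: a tiny unpacked extension, then a swapped copy of it."""
    with tempfile.TemporaryDirectory() as tmp:
        ext = Path(tmp) / "wallet-extension"  # hypothetical directory name
        (ext / "scripts").mkdir(parents=True)
        (ext / "manifest.json").write_text('{"name": "Sample Wallet", "version": "1.0.0"}')
        (ext / "scripts" / "background.js").write_text("// constructed placeholder\n")
        baseline = hash_tree(ext)  # assumption: pinned from the publisher's release
        clean = diff_against_baseline(baseline, hash_tree(ext))
        # Simulate the distribution channel serving a different build.
        (ext / "scripts" / "background.js").write_text("// constructed placeholder, altered\n")
        (ext / "scripts" / "extra.js").write_text("// file not present in the baseline\n")
        swapped = diff_against_baseline(baseline, hash_tree(ext))
        return clean, swapped


if __name__ == "__main__":
    clean, swapped = demo()
    print("clean copy intact:", is_intact(clean))
    print("swapped copy report:", swapped)
```

A baseline taken from the same channel that delivers the extension proves nothing if that channel is the compromised component, so the digests have to be pinned from an independent source.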


Verdict

This AdsPower supply chain attack serves as a stark reminder that the security perimeter extends beyond smart contracts, demanding continuous vigilance over all integrated software components to safeguard digital assets.

Signal Acquired from → Halborn

Micro Crypto News Feeds

software supply chain

Definition ∞ The software supply chain refers to the collection of all components, tools, and processes involved in the development and delivery of software.

supply chain

Definition ∞ A supply chain is the network of all the individuals, companies, resources, activities, and technologies involved in the creation and sale of a product, from the delivery of source materials from the supplier to the manufacturer, through to its eventual sale to the end consumer.

digital assets

Definition ∞ Digital assets are any form of property that exists in a digital or electronic format and is capable of being owned and transferred.

platform

Definition ∞ A platform is a foundational system or environment upon which other applications, services, or technologies can be built and operated.

compromise

Definition ∞ A 'compromise' in the digital asset space refers to an agreement reached between differing parties, often involving concessions on key points.

supply chain attack

Definition ∞ A supply chain attack targets the software or hardware supply chain of a digital asset service or platform.

assets

Definition ∞ A digital asset represents a unit of value recorded on a blockchain or similar distributed ledger technology.

crypto wallet

Definition ∞ A crypto wallet is a digital tool used to manage cryptocurrency assets.

security

Definition ∞ Security refers to the measures and protocols designed to protect assets, networks, and data from unauthorized access, theft, or damage.

supply

Definition ∞ Supply refers to the total quantity of a specific digital asset that is available in the market or has been issued.