If you are seeing a warning message when depositing / withdrawing cryptocurrencies, you’re likely a target of the malware that exists in the extensions of your browser.
This attack has become prevalent lately, which replaces your withdrawal addresses or deposit addresses with the wallet addresses controlled by the malicious actors. Address tampering may include the addresses pasted or shown in text form and QR codes.
Please promptly follow these steps:
- Take a screenshot or make a copy of the list of all the extensions you’ve installed on the browser. You can refer to the section below to learn about retrieving the list of extensions.
- Email the screenshot to firstname.lastname@example.org (MAX customer support).
- Remove all extensions installed and ensure all anti-virus software, operating system, and browser are updated to the latest version.
Finding the list of installed extensions:
Step 1. Enter chrome://system/#extensions into the address bar.
Step 2. Scroll to “extensions” and click “Expand”.
Step 3. Take a screenshot or copy the list.
Step 1. Enter about:support into the address bar.
Step 2. Click to copy the original data.
Step 1. Open Safari and visit Preferences on the top left of the toolbar.
Step 2. Open Preferences and click Extensions to take a screenshot.
Step 1. Enter edge://system/#extensions into the address bar.
Step 2. Click Expand to expand the list of extensions.
Step 1. Copy the full list.