Fake Trust Wallet Extension stole all assets
I installed what I thought was the "trust wallet" extension. It's not the real trust wallet. I had a little over $5K stolen in BTC, ETH, and SOL. Is there any way you can help me catch the individuals or somehow get back my stolen funds? Or any advice or direction will be helpful.
Все ответы (7)
Probably you have removed that add-on by now. Can you tell from your browsing history where you installed it from?
If not, did it have a toolbar button? If so:
If you go into the configuration editor and look at your toolbar button setup, the add-on's ID might be indicated there, indirectly. Here's how you would check it:
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.
(2) In the search box in the page, type or paste browser.uiCustomization.state and pause while the list is filtered
Firefox normally shows an enormously long JSON-format string that contains toolbar layout details. The add-ons can be named in two different ways, so it can be easier or more difficult to decode:
(A) @ style, for example:
"window-autonumber_jeffersonscher_com-browser-action"
The guid is window-autonumber@jeffersonscher.com
(B) GUID style, for example:
_cb08faed-9460-474a-ba0b-d98b13b5e001_-browser-action
The guid is {cb08faed-9460-474a-ba0b-d98b13b5e001}
If the add-on is still on the Mozilla Add-ons site, you can search for the guid using my extension search page:
https://www.jeffersonscher.com/sumo/extensions.html#guid=PASTE-GUID-HERE
Hello,
I installed it from firefox. I have the link but it's no longer on firefox, probably because I reported it.
https://addons.mozilla.org/en-US/firefox/addon/dapps_platforminc/?utm_source=addons.mozilla.org&utm_medium=referral&utm_content=search I'm not able to locate the requested information. Perhaps doing something wrong? Cant find GUID for the trust wallet -deleted it from my extensions and it's no longer on firefox. This is what came up when I did the steps above:
{"placements":{"widget-overflow-fixed-list":["bookmarks-menu-button"],"unified-extensions-area":["_16ea91b0-8990-4c1a-83fc-660e4bf7614b_-browser-action","_95c571d7-3883-4aca-89f3-9035820949b1_-browser-action","webextension_metamask_io-browser-action","_504e1565-ddd7-4fc3-bec3-079ddb622b2c_-browser-action","tab-stash_condordes_net-browser-action","_01c29374-a0fa-4bbb-b047-19d9213ed90e_-browser-action","_821bcd4e-7224-4e3d-b806-b244b4669a31_-browser-action"],"nav-bar":["back-button","forward-button","stop-reload-button","home-button","customizableui-special-spring1","urlbar-container","customizableui-special-spring2","save-to-pocket-button","downloads-button","fxa-toolbar-menu-button","unified-extensions-button"],"toolbar-menubar":["menubar-items"],"TabsToolbar":["firefox-view-button","tabbrowser-tabs","new-tab-button","alltabs-button"],"PersonalToolbar":["personal-bookmarks"]},"seen":["save-to-pocket-button","developer-button","_16ea91b0-8990-4c1a-83fc-660e4bf7614b_-browser-action","_95c571d7-3883-4aca-89f3-9035820949b1_-browser-action","webextension_metamask_io-browser-action","_504e1565-ddd7-4fc3-bec3-079ddb622b2c_-browser-action","tab-stash_condordes_net-browser-action","_01c29374-a0fa-4bbb-b047-19d9213ed90e_-browser-action","_821bcd4e-7224-4e3d-b806-b244b4669a31_-browser-action"],"dirtyAreaCache":["nav-bar","PersonalToolbar","toolbar-menubar","TabsToolbar","unified-extensions-area","widget-overflow-fixed-list"],"currentVersion":19,"newElementCount":6}
Thank you, SW
See also the extensions.webextensions.uuids pref that might still have the UUID.
this is what came up for extensions.webextensions.uuid:
{"formautofill@mozilla.org":"885dfa6d-8e5e-4528-ab87-71acef47e0b9","pictureinpicture@mozilla.org":"4896592a-f68d-444f-bcfb-61097ea063f3","screenshots@mozilla.org":"51030488-4ed9-4f9b-96aa-c3a1c505fba8","webcompat-reporter@mozilla.org":"4d65133a-0c2d-419f-9903-386a8eb1336e","webcompat@mozilla.org":"de0e8454-50c6-4f6e-a881-fc6453f7ffcc","default-theme@mozilla.org":"c4437044-d64a-436d-af0b-a3d1d5fb4022","google@search.mozilla.org":"57bda4da-75b2-4ae0-aa4f-a7cbeea7ad76","amazondotcom@search.mozilla.org":"ef954aa3-5a16-41c2-bc18-3a022fe61d1c","wikipedia@search.mozilla.org":"31b89753-fd61-492a-b4f8-bd624db643b4","bing@search.mozilla.org":"a20466b4-6af3-4e38-80e8-e2a6731c020d","ddg@search.mozilla.org":"8b864dc7-0780-4e0d-b268-c2cb2ebabcf6","ebay@search.mozilla.org":"a5311cb5-9a28-476e-8a23-9d9950cae067","addons-search-detection@mozilla.com":"68b007eb-6d23-4db0-b06b-24a8b601ea8d","{16ea91b0-8990-4c1a-83fc-660e4bf7614b}":"76f6143c-b7b8-4f60-8488-52a834ec48e2","addons-restricted-domains@mozilla.com":"049cf639-9b4d-478f-8577-06bc1131c910","webextension@metamask.io":"70c622eb-3b32-48af-b9dd-993d0fb81f43","tab-stash@condordes.net":"033d854b-7bdb-4e90-9d07-937e1db239a8","crxviewer-firefox@robwu.nl":"a043939a-e27a-4225-b9e6-d24aea9043d7"}
Not sure if there's anything in here about the fake trust wallet tho, not great at reading this type of data.
Your install URL is the most useful lead. I was able to match {821bcd4e-7224-4e3d-b806-b244b4669a31} to it only because I had your link and there is a snapshot of the listing in Google cache:
Trust Wallet doesn't list a Firefox extension on its browser extensions page, so that probably was an impersonator. To create a developer account and post an add-on, the poster needs to have a Firefox Account, which is linked to a verified email account. However, a thoughtful criminal probably used a throwaway account that isn't easily traced to them. I don't know whether anyone will be able to track them down.
You may want to report this to the FBI's Internet Crime Complaint Center (IC3): https://www.ic3.gov/
I imagine the FBI would have more access to the necessary information than users or forum volunteers.
Hey jscher2000,
Thank you so much for your time and looking into it. I'll report it on there. There's nothing else I can do with this post on mozilla support in your opinion then?
There was a report of another "Trust Wallet" extension back in April 2021 in https://discourse.mozilla.org/t/scam-extention/78626