Aren't cryptocurrency wallets that are browser extensions safe?

published May 03, 2021

You may think your browser is sandboxed. And you may think this protects you. Don't be so sure.

Today, many popular wallets for cryptocurrency ship in the form of extensions you install on your browser.

It is technically true that your machine will be safer from a hypothetical compromise coming through the wallet, if you use an extension wallet versus a desktop wallet.

But the attack vector is the browser. If you use your browser for anything, there is a nonzero probability that an attacker will target it. And if he successfully attacks the browser, your funds are gone, no matter how secure your desktop is from your browser due to its sandboxing.

Browser-to-desktop requires the breach of multiple sandboxes. Browser to extension requires the breach of one.  Your thief doesn't need to pwn your computer — he just needs to pwn your browser.

And we all know browsers are legendarily vulnerable to remote hacks. Not a single browser survives the yearly Pwn2Own competition. Foxacid anyone?  Plus, its a known problem that many extensions — some of which you may have installed alongside your wallet — get compromised upstream, or sold to malicious people that then use them to pwn your browser.

If you want best security for your funds, you want a desktop wallet in an airgapped box, or (slightly less secure) a Qubes VM. Whatever you do, you need to be able to trust that what's onscreen is real and can't subvert you.

Don't mix your browsing and your money.