QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$4 700 000 USD
JANUARY 2025
GLOBAL
ADSPOWER
DESCRIPTION OF EVENTS
AdsPower is a secure antidetect browser designed for managing multiple online accounts without the risk of being detected or banned by platforms like Facebook, Google, TikTok, and Amazon. It creates unique, customizable browser fingerprints for each user to maintain privacy and avoid detection. AdsPower offers features such as encrypted data storage, automated operations, and seamless multi-account management using Chrome or Firefox stealth browsers. With advanced security settings like two-factor authentication (2FA), abnormal login interception, and a bug bounty program, AdsPower aims to ensure the highest level of security for online activities in industries like e-commerce, affiliate marketing, cryptocurrency, and web scraping.
AdsPower, founded in 2019 in Hong Kong, is a leading antidetect browser designed to help businesses manage multiple accounts securely and avoid bans. It enables users to control their browser fingerprints and safely interact with various platforms. AdsPower’s journey has seen rapid growth, from a beta product to a global platform with over 5 million users by 2024. The company prioritizes customer experience, open communication, and innovation, constantly optimizing its products like SunBrowser and FlowerBrowser. With features such as the Synchronizer and Linux support, AdsPower has expanded globally, providing enhanced security for users across industries.
The breach occurred when hackers exploited a vulnerability in a third-party technical service system used by AdsPower, which allowed them to upload and distribute maliciously altered MetaMask wallet plugins. These compromised plugins were then spread through AdsPower's fingerprint browser, affecting certain users. The malicious code tampered with the browser extensions, and the attackers may have been able to access sensitive information, such as wallet data. The issue was detected on January 24, 2025, and AdsPower's technical team acted quickly to remove the malicious plugins, block the attack channels, and secure the system.
ChainCatcher has estimated the losses as being at least $4.1m based on on-chain analysis.
Many others such as SlowMist and Halborn quote $4.7m USD. Halborn reports that only 5 users were affected.
The AdsPower team announces on Twitter/X that on the evening of January 24, 2025, their security team identified a breach involving hackers spreading malicious code through tampered third-party browser plug-ins. The technical team acted swiftly to contain the issue by severing the hacker's access and removing all potentially risky plug-ins. The incident has been reported to Singapore law enforcement, and an investigation is ongoing.
The team expresses gratitude to external experts like SlowMist Technology, Certik, and Singapore's leading technical consultants for their support. These experts have helped identify hacker wallet addresses and alerted major trading platforms and project teams about the risks. Additionally, risk reports have been submitted to domain name administrator NameCheap for domains linked to malicious activities.
AdsPower thanks the community for their support and reassures users that safety remains their priority. They continue to work with third-party experts to resolve the situation and will update the community with further progress.
The community's reaction to the AdsPower incident has been mixed, with many users expressing frustration and skepticism. Some have questioned the company's response, demanding more transparency regarding the affected plugins, how the attack occurred, and what measures are being taken to prevent future breaches. Concerns have been raised about the lack of a clear compensation plan, with some users warning others not to accept the offered "User Experience Value-Added Service," fearing it could limit future accountability. Others are critical of AdsPower's decision to report the incident to Singapore authorities instead of handling it locally, and some have asked for specific details about the hack, such as which plugins were affected and how the hackers gained access. Overall, there is a strong demand for clearer communication, transparency, and a more robust response to the security breach.
"The AdsPower security team discovered a breach in which hackers distributed malicious code, resulting in the compromise of some third-party browser extensions."
The browser extension was updated. AdsPower continues to provide updates approximately monthly.
Investigation to attempt to recover the funds is ongoing.
AdsPower, a secure antidetect browser, suffered a security breach when hackers exploited a vulnerability in a third-party technical service, tampering with MetaMask wallet plugins distributed through AdsPower's platform. This breach potentially exposed users' sensitive information, with estimated losses ranging from $4.1M to $4.7M. The company quickly removed the compromised plugins and reported the incident to Singapore law enforcement, while collaborating with external security experts. However, the community reacted with frustration, demanding more transparency, clearer details on the affected plugins, and a better response to prevent future breaches, including concerns over a lack of compensation and accountability.
AdsPower Initial Notice - Twitter/X (Mar 13)
AdsPower Initial Notice Amendment - Twitter/X (Mar 13)
AdsPower February Update - Twitter/X (Mar 13)
AdsPower Homepage (Mar 13)
About AdsPower - AdsPower (Mar 13)
The stolen funds from the AdsPower intrusion incident are concentrated in four addresses, exceeding 4.1 million dollars - ChainCatcher (Mar 13)
Explained: The AdsPower Hack (January 2025) - Halborn (Mar 13)
AdsPower Addresses Security Breach Involving Malicious Wallet Plugins - Binance News (Mar 13)
Risky Bulletin: Supply chain attack at AdsPower browser platform - RiskyBiz (Mar 13)
https://skynet.certik.com/projects/adspower (Mar 13)
SlowMist Cosine: Over $4.7 million stolen in AdsPower hack - PANews (Mar 13)
EvilCos - "Pay attention to this. AdsPower Fingerprint Browser transparently disclosed an intrusion incident. If you are using AdsPower and have installed an extended wallet or manually updated the extended wallet between 18:00 on January 21 and 1...ter/X (Mar 13)
