A Russian hacking group known as GreedyBear has stolen approximately $1 million in cryptocurrency by deploying over 150 malicious Firefox browser extensions and fake MetaMask wallet applications. These extensions, available on Firefox's official stores, are designed to steal users' seed phrases and other sensitive information. The group has been active for at least five weeks, scaling up its operations with sophisticated scams that impersonate legitimate financial services, including fake savings advertisements mimicking companies like Wise. Authorities, including the Department of Homeland Security, have noted the increased activity and success of Russian cybercrime groups such as GreedyBear and others linked to ransomware campaigns like BlackSuit and Royal. Users are advised to audit their browser extensions, remove suspicious add-ons, verify URLs carefully, and use only official wallet links to protect themselves from these scams. Additionally, platforms like CoinMarketCap warn users that they will never initiate direct messages asking for funds, emphasizing the need for caution against phishing attempts.
Russian hacking group GreedyBear has scaled up operations, using 150 “weaponized Firefox extensions” to target victims and steal $1 million in crypto in 5 weeks. Read more: https://t.co/Kjy5MYHYmC
The Russian cybercrime group behind BlackSuit and Royal ransomware was more prolific and successful at extorting payments from its victims than previously known, according to an update Thursday from an investigative unit inside the Department of Homeland Security. https://t.co/19qssVo6fd
Russian hackers linked to the GreedyBear group have stolen $1 million in cryptocurrency through fake MetaMask apps and over 150 malicious Firefox extensions.