[ new scan ] [ statistics ] [ github ] [ twitter ]

Bitget Wallet - Crypto, Web3 | Bitcoin & USDT

Version 2.15.18 View in Chrome Web Store

Last scanned: 7 days ago | force re-scan

Extension Details

Developer: web3.bitget.com

Rating: 3.5 ★ (235 ratings)

Size: 20.21MiB

Last Updated: March 5, 2025

Users: 500,000

Context-Aware Verdict

HIGH

Risk Level

Trust Factors:

- The extension has a relatively high number of users (500,000), which could indicate some level of trust and popularity.

- However, there is limited information provided about the developer or company behind the extension, making it difficult to assess their reputation.

Concerns:

- The extension requests broad host permissions (http://localhost/*, *://*/*), allowing it to access all websites. This is an unnecessary level of access for a crypto wallet extension and raises privacy concerns.

- The "tabs" permission allows the extension to access and manipulate browser tabs, which could potentially be abused for malicious purposes.

- The Content Security Policy (CSP) allows "wasm-unsafe-eval," enabling the execution of potentially unsafe WebAssembly code, which could be used to hide malicious activities or perform resource-intensive operations.

- The extension requests the "unlimitedStorage" permission, allowing it to store an unlimited amount of data locally, which could be a privacy concern if sensitive information is stored.

Recommendations:

- Exercise caution when installing this extension, as it poses a high risk due to its broad permissions and potential security vulnerabilities.

- If you decide to use this extension, consider running it in a separate browser profile or a dedicated instance of your browser to isolate it from your main browsing activities.

- Regularly review the extension's permissions and behavior, and uninstall it if you notice any suspicious activities or performance issues.

- Consider using alternative crypto wallet extensions from reputable developers with a proven track record of security and privacy practices.

Security Analysis

HIGH

Overall Risk

Based on 7 total findings, ranked without considering overall context, including 3 high-risk and 4 medium-risk findings.

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

HIGH

Unsafe WebAssembly Execution

This extension's Content Security Policy allows 'wasm-unsafe-eval', which permits potentially dangerous WebAssembly code execution. This could be used to hide malicious code or perform CPU-intensive operations.

MEDIUM

Medium-Risk Permission: activeTab

This extension has the activeTab permission. Can access the active tab when clicking the extension icon.

MEDIUM

Medium-Risk Permission: notifications

This extension has the notifications permission. Can show notifications.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

MEDIUM

Medium-Risk Permission: unlimitedStorage

This extension has the unlimitedStorage permission. Can store unlimited data locally.

Security Analysis Details

Required Permissions:

storage
activeTab
notifications
unlimitedStorage
scripting
tabs
alarms

Host Permissions:

http://localhost/*
*://*/*

Content Security Policy:

extension_pages: script-src 'self' 'wasm-unsafe-eval'; object-src 'self'; frame-ancestors 'none';

Embedded URLs (866 total):

http://www.w3.org/2000/svg	http://www.w3.org/1999/xlink
https://links.ethers.org/v5-errors-	https://conf.chainnear.com/v2
https://ta.bitkeep.buzz:8993/sync_js	https://fp-constantid.bitkeep.vip/udid/c1
https://conf.bitkeep.app/v2	https://conf.bitkeep.biz/v2
https://conf.bitkeep.fun/v2	https://conf.bitkeep.life/v2
https://conf.lymryy.com:9443/v2	https://conf.packcard.com/v2
https://bitkeep-29c02.firebaseio.com	https://www.google-analytics.com/collect
https://log.noxiaohao.com	https://npms.io/search?q=ponyfill.
https://cdn.jsdelivr.net/gh/phishfort/phishfort-lists@master/blacklists/hotlist.json	https://cdn.jsdelivr.net/gh/MetaMask/eth-phishing-detect@master/src/config.json
https://www.ethercluster.com/mordor	https://www.ethercluster.com/etc
https://www.ethercluster.com/kotti	https://gateway.ipfs.io/ipfs/
https://cloudflare-eth.com/	https://api.etherscan.io
https://api-goerli.etherscan.io	https://api-sepolia.etherscan.io
https://api.polygonscan.com	https://api-testnet.polygonscan.com
https://api.arbiscan.io	https://api-goerli.arbiscan.io
https://api-optimistic.etherscan.io	https://api-goerli-optimistic.etherscan.io
https://ethereum.api.nodesmith.io/v1/mainnet/jsonrpc	https://ethereum.api.nodesmith.io/v1/ropsten/jsonrpc
https://ethereum.api.nodesmith.io/v1/rinkeby/jsonrpc	https://ethereum.api.nodesmith.io/v1/goerli/jsonrpc
https://ethereum.api.nodesmith.io/v1/kovan/jsonrpc	https://webpack.js.org/configuration/resolve/#resolvemainfields
https://github.com/rollup/rollup-plugin-node-resolve	http://cdn.bitkeep.vip/u_b_7515b410-ea97-11eb-8946-25b8a8a5e0b4.png
http://cdn.bitkeep.vip/u_b_7e2aaf60-ea97-11eb-8946-25b8a8a5e0b4.png	http://cdn.bitkeep.vip/u_b_a93988e0-3897-11ec-81b7-af9f0d5a317a.png
http://cdn.bitkeep.vip/u_b_a69b3750-3897-11ec-81b7-af9f0d5a317a.png	http://cdn.bitkeep.vip/u_b_93c38e00-ea97-11eb-8946-25b8a8a5e0b4.png
http://cdn.bitkeep.vip/u_b_a25801d0-ea97-11eb-8946-25b8a8a5e0b4.png	http://cdn.bitkeep.vip/u_b_abd81b00-ea97-11eb-8946-25b8a8a5e0b4.png
http://cdn.bitkeep.vip/u_b_b72ef000-ea97-11eb-8946-25b8a8a5e0b4.png	http://cdn.bitkeep.vip/u_b_446660c0-1c34-11ec-b749-09299a4f8b9a.png
http://cdn.bitkeep.vip/u_b_423528e0-1c34-11ec-b749-09299a4f8b9a.png	https://cdn.bitkeep.vip/u_b_532a48d0-1ed9-11ed-8366-75c3a54011a2.png
https://cdn.bitkeep.vip/u_b_4f697fa0-9f8a-11ec-a3eb-f758fa002ae8.png	http://cdn.bitkeep.vip/u_b_fb566610-485b-11ec-b991-33f2d19faf7b.png
https://mozilla.github.io/localForage/#definedriver	https://api-app-slow.bitkeep.top
https://api-app-fast.bitkeep.top	https://api-app-slow.bitapi.vip
https://cdn.bitkeep.vip/operation/u_b_beeec900-4706-11ee-bd9c-d7f67191cbd2.png	https://share.keepshare.info/inviteFriend?_needChain=eth
https://share.keepshare.info/en/otcPages?code=USD	https://cdn.bitkeep.vip/u_b_d2ea3ef0-028b-11ed-9cda-13b6bca9e086.png
https://cdn.bitkeep.vip/u_b_4b64af00-028c-11ed-bd91-79ac134e3a5c.png	https://share.keepshare.info/OrdinalsBRC20?_needChain=btc&_noAd=true&_isHideSearch=true
https://cdn.bitkeep.vip/u_b_341b9e80-630e-11ec-9090-d51285e37a54.png	https://news.bitkeep.biz/activity/blindbox/list
https://web3.bitget.com/en	https://t.me/Bitget_Wallet
https://www.bitkeep.com	https://web3.bitget.com/en/wallet-download
https://www.facebook.com/BitgetWallet	https://discord.gg/qjH6YGDYgh
https://bitkeep.com/en/jobs	https://cdn.bitkeep.vip/u_b_6df50a00-1d09-11ed-9185-336e1d45f61c.svg+xml
https://share.keepshare.info/airdrop/list?lang=en	https://cdn.bitkeep.vip/operation/u_b_acccadd0-4325-11ee-aa96-5720907ab25c.png
https://cdn.bitkeep.vip/u_b_9f6a44d0-d293-11ec-bad1-57cfe491dd7c.png	https://cdn.bitkeep.vip/u_b_aceb5000-d297-11ec-bad1-57cfe491dd7c.png
https://cdn.bitkeep.vip/u_b_8a572380-253e-11ed-af92-1dcaef65660e.png	https://cdn.bitkeep.vip/u_b_bac68ef0-2536-11ed-af92-1dcaef65660e.png
https://web3.bitget.com/en/academy	https://cdn.bitkeep.vip/u_b_76ce5610-a5cf-11ec-9457-d57dbe519c92.png

Page 1 of 11

Raw Manifest

{
  "name": "__MSG_appName__",
  "icons": {
    "16": "static/images/favicon.png",
    "19": "static/images/favicon.png",
    "32": "static/images/favicon.png",
    "48": "static/images/favicon.png",
    "128": "static/images/favicon.png"
  },
  "action": {
    "default_popup": "popup.html",
    "default_title": "Bitget"
  },
  "version": "2.15.18",
  "commands": {
    "_execute_action": {
      "suggested_key": {
        "mac": "Alt+Shift+K",
        "linux": "Alt+Shift+K",
        "windows": "Alt+Shift+K",
        "chromeos": "Alt+Shift+K"
      }
    }
  },
  "background": {
    "service_worker": "static/js/background.js"
  },
  "short_name": "__MSG_appName__",
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "__MSG_appDescription__",
  "permissions": [
    "storage",
    "activeTab",
    "notifications",
    "unlimitedStorage",
    "scripting",
    "tabs",
    "alarms"
  ],
  "default_locale": "en",
  "content_scripts": [
    {
      "js": [
        "static/js/contentscript.js",
        "static/js/bundle.js"
      ],
      "run_at": "document_start",
      "matches": [
        "http://*/*",
        "https://*/*"
      ],
      "all_frames": true
    }
  ],
  "host_permissions": [
    "http://localhost/*",
    "*://*/*"
  ],
  "manifest_version": 3,
  "externally_connectable": {
    "ids": [
      "*"
    ],
    "matches": [
      "https://bitkeep.com/*",
      "https://web3.bitget.com/"
    ]
  },
  "minimum_chrome_version": "88",
  "content_security_policy": {
    "extension_pages": "script-src 'self' 'wasm-unsafe-eval'; object-src 'self';  frame-ancestors 'none';"
  }
}

Bitget Wallet - Crypto, Web3 | Bitcoin & USDT

Extension Details

Context-Aware Verdict

Security Analysis

Security Analysis Details

Required Permissions:

Host Permissions:

Content Security Policy:

Embedded URLs (866 total):

Raw Manifest

Secure Annex (beta)