In a daring display of digital mischief, a Chrome extension has been impersonating a legitimate trading tool, effortlessly pilfering API keys from unsuspecting users of the MEXC cryptocurrency exchange. That’s right, folks, the virtual pickpocket of the 21st century has struck again, proving that all it takes is a catchy name and a dash of deception to become an overnight sensation in the world of cybercrime.

Dubbed the ‘MEXC API Automator’—because why not sound official while doing nefarious deeds?—this extension has managed to ‘attract’ a whopping 29 downloads. That’s right, nearly as many people as would attend a pop-up art show in a small town have unwittingly shared their valuable API keys. Move over traditional phishing scams; there’s a new kid in town, and they’re wearing a virtual trench coat.

But fear not, dear internet users, for this is merely another chapter in the never-ending saga of cybersecurity antics. While experts scramble to address the issue, the rest of us can only sit back, relax, and appreciate the audacious creativity of hackers who remind us daily why two-factor authentication isn’t just a suggestion—it’s a lifestyle choice.