You stored your Bitcoin private keys (CRYPTO: BTC) in a safety deposit box so you should be good, right? Not so fast. Criminals are getting more manipulative in how they access your cryptos.This week, a Google Chrome extension for file-sharing service MEGA was hacked by cyber criminals who are potentially stealing private keys and login passwords, among other information. The compromised extension is able to monitor and retrieve sensitive information that are saved on Google Chrome. How do they do it? The hacked extension saves data that can be used to access your cryptos. For example, sites such as myetherwallet.com, mymonero.com and idex.market are snooped on. And if data are saved, a javascript function collects private keys and passwords. On Tuesday, New Zealand-based MEGA cautioned Chrome users who may be affected. "You are only affected if you had the MEGA Chrome extension installed at the time of the incident, autoupdate enabled and you accepted the additional permission, or if you freshly installed version 3.39.4." The company added, "Please note that if you visited any site or made use of another extension that sends plain-text credentials through POST requests, either by direct form submission or through a background XMLHttpRequest process (MEGA is not one of them) while the trojaned extension was active, consider that your credentials were compromised on these sites and/or applications." If you think you're at risk, then uninstall the Chrome MEGA extension immediately, along with other add-ons that are unnecessary. Change your passwords so that criminals can't your accounts and cryptos.Fraudsters are also devising schemes on hardware and infrastructure. Last month, IT security firm Trend Micro said that hackers are selling Bitcoin ATM malware for $25,000 in the black market. The company's Aug. 7 blog states, "Buyers receive not just the malware but also a ready-to-use card that comes with EMV and NFC capabilities … the malware exploits a service vulnerability that allows the user to receive bitcoins worth up to 6,750 in U.S. dollars, euros, or pounds." The company adds that "cybercriminals will continue to devise tools and to expand to lucrative new 'markets.' As the number of Bitcoin ATMs grows, we can expect to see more forms of malware targeting cryptocurrency ATMs in the future." Unfortunately, being a victim of BTC theft offers no recourse. Some banks and merchants may reimburse customers for unauthorized use of debit or credit card. But no similar arrangement exists for decentralized cryptos, and that makes security all the more important.Of course, criminals can always resort to brute force to ransack your digital wallet. That's exactly what happened in New York City when an unnamed victim lost $1.8 million in cryptos. On Wednesday, Louis Meza, 35, plead guilty to first-degree grand larceny and second-degree kidnapping in Manhattan Supreme Court and is expected to spend a decade in jail, reports the New York Post. He was ordered to pay back 84 bitcoins and 269,000 SALT tokens. Meza and three co-defendants (whose cases are still pending) held the victim captive in a van, stole crypto hardware, and moved Ethereum to an account the kidnappers controlled. The victim was able to break free and call law enforcement, according to Sept. 5 report. The funds were fully recovered. Cryptocurrency is a game-changing innovation. But theft is timeless. Starbucks, Microsoft Back Bitcoin ETF And Stakes Are Huge Disclaimer: The views expressed in this article belong solely to the author. Information contained herein should not be construed as investment advice.