A harmful Chrome browser add‑on known as Crypto Copilot was found taking small amounts of Solana
Security experts at Socket reported these findings on November 25 after reviewing the extension’s actions.
This extension interacts with the decentralized exchange Raydium
$76.1M
Did you know?
Subscribe – We publish new crypto explainer videos every week!
Blockchain Transaction Easily Explained! (Animated)
Without the user knowing, at least 0.0013 SOL, roughly 0.05% of the trade amount, gets sent to a wallet owned by the malicious operator.
Although Crypto Copilot presents itself as a tool for executing Solana trades from X, it secretly includes a malicious step in the transaction screen. This makes detecting the extra SOL transfer difficult unless users check every detail of the transaction approval.
The extension became available in the Chrome Web Store on June 18, 2024. Despite being reported to Google, it was still active as of late November and had only 15 installs when discovered by Socket’s analysts.
Reviews show that each Raydium transaction with this add-on includes a hidden instruction that sends SOL to the attacker’s wallet. Most people may not notice the missing funds since the process is disguised within a typical swap approval screen.
Researchers from Socket have warned that browser extensions accessing social media or financial services could be abused for similar scams. Their advice is to use only add-ons from verified developers and never grant permissions without understanding what the extension can do.
A Chrome extension named “Safery: Ethereum Wallet” secretly collects users’ recovery phrases under the guise of a secure crypto wallet. What did Socket say? Read the full story.
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
