A stealthy Chrome extension is turning Solana traders into unwitting benefactors. It lets users swap tokens, but here’s the catch: a sliver of every transaction silently funnels into the developer’s pocket. Is your wallet leaking?
A sneaky new threat lurks within a seemingly helpful Chrome extension: Crypto Copilot. Security firm Socket revealed Tuesday that this extension, designed to let you trade Solana (SOL) directly from your X feed, is secretly skimming funds. Instead of the typical wallet-draining heist, Crypto Copilot adds an extra transfer to every swap. It’s a slow bleed, siphoning off at least 0.0013 SOL or 0.05% of each trade, according to Socket. The small amounts make the skimming harder to detect, allowing the malicious actor to profit quietly under the radar.
Crypto Copilot? More like Crypto Catastrophe. Behind the promised swaps on Raydium lurks a digital pickpocket. The extension quietly adds a second instruction to each swap, moving SOL from the user’s account straight into the attacker’s. The deception is simple: the UI shows only the swap details, while the wallet’s confirmation screen buries the extra instruction beneath a misleading “summary,” leaving the victim’s crypto exposed.
“Users sign what appears to be a single swap, but both instructions execute atomically on-chain,” Socket said.
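A pre-signing check for the pattern described above, as an added example (not code from Socket or from the extension): it walks a decoded transaction's instruction list and reports System Program transfers that move SOL from the wallet to an account the wallet does not own. The decoded-transaction shape, the placeholder account names and the `ownedAccounts` allowlist are assumptions made for illustration.

```javascript
// Added example. Account names are constructed placeholders, not real keys.
const SYSTEM_PROGRAM = "11111111111111111111111111111111";

// System Program Transfer data: u32 LE instruction index (2), then u64 LE lamports.
function parseSystemTransfer(ix) {
  if (ix.programId !== SYSTEM_PROGRAM || ix.accounts.length < 2) return null;
  const data = Buffer.from(ix.data);
  if (data.length !== 12 || data.readUInt32LE(0) !== 2) return null;
  return { from: ix.accounts[0], to: ix.accounts[1], lamports: data.readBigUInt64LE(4) };
}

// Report every SOL transfer that leaves `wallet` for an account outside
// `ownedAccounts` (assumed: the wallet plus its own token accounts, such as
// the wrapped-SOL account a swap legitimately funds).
function findOutboundTransfers(tx, wallet, ownedAccounts) {
  const findings = [];
  tx.instructions.forEach((ix, index) => {
    const t = parseSystemTransfer(ix);
    if (t && t.from === wallet && !ownedAccounts.has(t.to)) {
      findings.push({ index, to: t.to, lamports: t.lamports });
    }
  });
  return findings;
}

// Helper used only to build the constructed sample below.
function transferData(lamports) {
  const data = Buffer.alloc(12);
  data.writeUInt32LE(2, 0);
  data.writeBigUInt64LE(lamports, 4);
  return data;
}

const WALLET = "USER_WALLET_PLACEHOLDER";
const WSOL = "USER_WSOL_ACCOUNT_PLACEHOLDER";
const owned = new Set([WALLET, WSOL]);

// Constructed transaction: fund wSOL, swap, then one extra transfer of 0.0013 SOL.
const sampleTx = { instructions: [
  { programId: SYSTEM_PROGRAM, accounts: [WALLET, WSOL], data: transferData(1000000000n) },
  { programId: "SWAP_PROGRAM_PLACEHOLDER", accounts: [WALLET, WSOL], data: Buffer.from([9]) },
  { programId: SYSTEM_PROGRAM, accounts: [WALLET, "UNKNOWN_RECIPIENT_PLACEHOLDER"], data: transferData(1300000n) },
]};

for (const f of findOutboundTransfers(sampleTx, WALLET, owned)) {
  console.log(`instruction ${f.index}: ${Number(f.lamports) / 1e9} SOL to ${f.to}`);
}
```

The first transfer is not reported because its destination is in the allowlist; only the third instruction, which sends SOL to an account the wallet does not own, is flagged.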

Featured image of the Google Chrome extension. Source: Chrome Web Store
A long-lived operation
A rogue Chrome extension, lurking in the Web Store since June 18, 2024, has triggered a takedown request from Socket. While it’s been active for a while, the digital menace has only ensnared a mere 15 users – a small victory in the ongoing battle for browser security.
Crypto Copilot’s appeal is convenience. It promises lightning-fast Solana trades executed straight from a tweet, with no app-switching, so that trading opportunities can be seized instantly from the Twitter feed.
The latest of many malicious Google Chrome extensions
Chrome’s vast popularity has painted a bullseye on its back, especially for crypto crooks eyeing its extension store. This month, Socket blew the whistle on a crypto wallet extension, boasting a huge following, for siphoning funds. Not long before that, Jupiter, a decentralized exchange heavyweight, exposed another Chrome extension silently plundering Solana wallets.
June 2024: A million-dollar nightmare unfolded for a Chinese crypto trader, all thanks to a seemingly innocuous Chrome extension named “Aggr.” This wasn’t your run-of-the-mill malware. Aggr was a digital pickpocket, silently swiping browser cookies to hijack accounts. The devastating result? Complete access to the trader’s Binance account, and a wallet drained of $1 million.