A malicious Google Chrome browser extension is allowing users to trade on Solana while quietly siphoning fees from each swap into the creator's wallet.
According to a report from cybersecurity company Socket on Tuesday, this Google Chrome extension enables users to trade on Solana (SOL) from their X social media feeds. Unlike typical wallet-emptying malware that attempts to steal the entire balance, Socket found that "Crypto Copilot" injects additional transfers in each Solana swap, stealing at least 0.0013 SOL or 0.05% of the transaction.
On the backend, Crypto Copilot uses the decentralized exchange Raydium to execute swaps for users but adds a second instruction to transfer SOL from the user to the attacker. The user interface only displays the swap details, while the wallet confirmation screen "summarizes the transaction without showing individual instructions."
Socket stated, "Users sign what appears to be a single swap, but the two instructions are executed atomically on-chain."
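The check below is an added example, not code from Socket's report or from the extension: it walks a decoded instruction list the way a pre-signing review could and flags any System Program transfer that moves SOL from the signer to an address the user has not approved. The account names and the swap instruction are constructed placeholders, and the input shape (`programId`, `accounts`, `data`) is an assumption of this sketch.

```javascript
// Added example; every address and the sample transaction are constructed.
const SYSTEM_PROGRAM_ID = "11111111111111111111111111111111";
const SYSTEM_TRANSFER_INDEX = 2; // System Program instruction enum: 2 = Transfer

// A System Program Transfer is a u32 LE instruction index followed by u64 LE lamports;
// its first two accounts are the source and the destination.
function decodeSystemTransfer(ix) {
  if (ix.programId !== SYSTEM_PROGRAM_ID || ix.data.length < 12) return null;
  const view = new DataView(Uint8Array.from(ix.data).buffer);
  if (view.getUint32(0, true) !== SYSTEM_TRANSFER_INDEX) return null;
  return { from: ix.accounts[0], to: ix.accounts[1], lamports: view.getBigUint64(4, true) };
}

// Report each SOL transfer out of the signer's wallet to a recipient outside the allow-list.
function findUnexpectedTransfers(instructions, signer, allowedRecipients = []) {
  const allowed = new Set([signer, ...allowedRecipients]);
  const findings = [];
  instructions.forEach((ix, index) => {
    const t = decodeSystemTransfer(ix);
    if (t && t.from === signer && !allowed.has(t.to)) {
      findings.push({ index, to: t.to, lamports: t.lamports });
    }
  });
  return findings;
}

// Encode transfer data for the constructed sample below.
function transferData(lamports) {
  const view = new DataView(new ArrayBuffer(12));
  view.setUint32(0, SYSTEM_TRANSFER_INDEX, true);
  view.setBigUint64(4, lamports, true);
  return Array.from(new Uint8Array(view.buffer));
}

// Constructed sample: one swap instruction plus an appended transfer of
// 1,300,000 lamports (0.0013 SOL, the minimum amount named in the article).
const USER = "UserWalletPlaceholder";
const sampleTx = [
  { programId: "DexProgramPlaceholder", accounts: [USER, "PoolPlaceholder"], data: [9, 0, 0, 0] },
  { programId: SYSTEM_PROGRAM_ID, accounts: [USER, "UnknownRecipientPlaceholder"],
    data: transferData(1300000n) },
];

const sampleFindings = findUnexpectedTransfers(sampleTx, USER);
console.log(sampleFindings);
```

A legitimate swap can also move SOL into the user's own wrapped-SOL token account, so that account belongs in `allowedRecipients` to avoid a false positive.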
Socket noted that it has submitted a takedown request for the extension to the Chrome Web Store security team. This malicious extension has been around for a relatively long time, having been released on June 18, 2024, but store reports indicate that there were only 15 users at the time of publication.
Crypto Copilot markets itself as a convenience tool that allows Solana traders to execute swaps directly from Twitter. It promises to "enable you to seize trading opportunities instantly without switching between apps or platforms."
The vast user base and scalable design of Google Chrome have long made its extension ecosystem a target for cryptocurrency-related scams. Earlier this month, Socket warned that the fourth most popular cryptocurrency wallet extension in the Chrome Web Store was draining user funds. In late August, the decentralized trading aggregator Jupiter reported that it had identified another malicious Chrome extension that was emptying Solana wallets.
In June 2024, a Chinese trader reportedly lost $1 million after installing a Chrome plugin named Aggr. The extension stole browser cookies to hijack accounts, including access to the trader's Binance account.
Original article: “Malicious Chrome Extension Skims Solana Trades by Hiding Extra Transfers”