PANews|Jan 14, 2026 03:04
[Report: Malicious Chrome Extension Disguised as a Trading Tool Steals Users' MEXC API Keys]
According to a report by the security agency Socket Threat Research Team, a malicious Chrome extension named 'MEXC API Automator' has been available on the Chrome Web Store since September 1, 2025. It is capable of stealing newly created API keys from users of the cryptocurrency exchange MEXC and sending them to a Telegram bot controlled by the attackers.
The extension lures users with promises of trading automation, automatically generating MEXC API keys with withdrawal permissions without the user's knowledge. It conceals the display of these permissions in the interface and subsequently leaks the keys along with encrypted data. Using this method, attackers can gain full control of the victim's MEXC account, execute trades, initiate automatic withdrawals, and transfer assets from the account. As of the time of the report's release, the extension is still available for download on the Chrome Web Store. The research team has reported the issue to Google and flagged the extension.
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink