The post Solana Users Targeted by Browser Extension With Hidden Fees appeared on BitcoinEthereumNews.com.

Solana Users Targeted by Browser Extension With Hidden Fees


A fresh security warning has emerged for Solana traders after researchers uncovered a Chrome extension that secretly adds extra fees to user swaps. The extension, called Crypto Copilot, promotes fast trading directly from social media feeds. 

However, investigators found that it quietly inserts a hidden SOL transfer into each Raydium swap. Consequently, unsuspecting users lose a portion of their assets without any on-screen indication. This discovery raises broader concerns about browser-based trading tools and alerts traders to the risks associated with extensions that require broad signing permissions.

Researchers Reveal Concealed Transfer Logic

Socket’s Threat Research Team identified the behavior during a review of suspicious extensions linked to Solana activity. The extension appeared legitimate at first glance because it connects to well-known wallets and displays token data from DexScreener. 

However, researchers noticed that every swap generated two instructions instead of one. The extension builds the correct Raydium swap. It then appends another instruction that transfers a small amount of SOL to a single attacker-controlled wallet. The fee ranges from 0.0013 SOL to 0.05% of the trade amount.

Moreover, the transfer does not appear in the interface. Typical wallet prompts summarize the full transaction as a single action, making it difficult for users to notice the additional instruction. Hence, the attacker collects fees in the background while the trader believes they are executing a normal swap.
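The following is an added example, not code from the article or from Socket's research: a pre-signing check that walks a transaction's instruction list and reports System Program transfers out of the signer's wallet to destinations the caller did not expect. The instruction objects are a simplified, assumed shape (`programId`, `accounts`, `data`), and every address except the System Program id is a constructed placeholder.

```javascript
// Added example: flag SOL transfers a swap transaction should not contain.
const SYSTEM_PROGRAM = "11111111111111111111111111111111"; // Solana System Program id
const SYSTEM_TRANSFER = 2; // SystemInstruction::Transfer discriminant (u32 LE)
const LAMPORTS_PER_SOL = 1000000000n;

// Decode one instruction; returns null unless it is a System Program Transfer.
// Transfer data layout: u32 LE discriminant, then u64 LE lamports.
function decodeSystemTransfer(ix) {
  if (ix.programId !== SYSTEM_PROGRAM) return null;
  if (ix.data.length < 12 || ix.accounts.length < 2) return null;
  const view = new DataView(ix.data.buffer, ix.data.byteOffset, ix.data.byteLength);
  if (view.getUint32(0, true) !== SYSTEM_TRANSFER) return null;
  return { from: ix.accounts[0], to: ix.accounts[1], lamports: view.getBigUint64(4, true) };
}

// Report every SOL transfer out of the signer's wallet whose destination is not
// one the caller expects (for example the signer's own wrapped-SOL account).
function findUnexpectedTransfers(instructions, signer, expectedDestinations = []) {
  const expected = new Set([signer, ...expectedDestinations]);
  const findings = [];
  instructions.forEach((ix, index) => {
    const t = decodeSystemTransfer(ix);
    if (t && t.from === signer && !expected.has(t.to)) {
      findings.push({ index, to: t.to, lamports: t.lamports });
    }
  });
  return findings;
}

// Constructed sample data below: placeholder addresses, simplified instruction objects.
function transferData(lamports) {
  const bytes = new Uint8Array(12);
  const view = new DataView(bytes.buffer);
  view.setUint32(0, SYSTEM_TRANSFER, true);
  view.setBigUint64(4, lamports, true);
  return bytes;
}
const USER = "UserWalletPlaceholder";
const USER_WSOL = "UserWrappedSolAccountPlaceholder";
const sampleTx = [
  { programId: SYSTEM_PROGRAM, accounts: [USER, USER_WSOL], data: transferData(10n * LAMPORTS_PER_SOL) },
  { programId: "SwapProgramPlaceholder", accounts: [USER, USER_WSOL], data: new Uint8Array([9]) },
  { programId: SYSTEM_PROGRAM, accounts: [USER, "UnknownRecipientPlaceholder"], data: transferData(5000000n) },
];

function auditSample() {
  return findUnexpectedTransfers(sampleTx, USER, [USER_WSOL]);
}
console.log(auditSample());
```

The expected-destination list matters because a legitimate SOL swap can itself contain a transfer into the signer's own wrapped-SOL account; only the third instruction in the sample is reported.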

Convenience Pitch Concealed the Risks

Crypto Copilot launched in June 2024 with a pitch that appealed to fast-moving Solana traders. The extension detects tokens mentioned in posts on X and offers a one-click swap button. It requests wallet-adapter permissions that look normal to anyone who trades often. Additionally, its interface presents speed and convenience as the primary features.

However, none of its marketing mentions added fees or undisclosed transfers. The problematic code was hidden inside heavily obfuscated files. This raised concerns among analysts who noted that extensions offering instant trading often encourage users to sign transactions rapidly, making quiet extra instructions easier to miss.

Broader Implications for Solana Users

The extension remains online, and researchers have requested a takedown. Significantly, the incident highlights a wider trend. Browser extensions handling on-chain actions have grown more popular, but they also increase security exposure. 

Moreover, attackers now target Solana traders more often due to rising ecosystem activity. Hence, security teams advise users to review each transaction carefully, avoid unfamiliar extensions, and monitor for unusual transfer patterns.

Source: https://coinpaper.com/12682/malicious-chrome-extension-exposed-for-adding-secret-sol-fees-into-raydium-swaps
