Buy CryptoMarketsSpotFuturesGOLDEarnEvent Centre
More
Gold vs Crypto
The post Malicious Chrome Plugin Skims SOL Without Draining Wallets appeared on BitcoinEthereumNews.com. A malicious Google Chrome browser extension is letting users trade on Solana, while quietly skimming a fee from every swap into the creator’s wallet. According to a Tuesday report by cybersecurity company Socket, the Google Chrome extension allows users to trade on Solana (SOL) from their X social media feed. Unlike typical wallet-draining malware that tries to steal the entire balance, Crypto Copilot “injects an extra transfer into every Solana swap, siphoning a minimum of 0.0013 SOL or 0.05% of the trade,” Socket found. On the back end, Crypto Copilot uses the decentralized exchange Raydium to perform swaps for the user, but appends a second instruction that transfers SOL from the user to the attacker. The user interface only shows the swap details while wallet confirmation screens “summarize the transaction without surfacing individual instructions.” “Users sign what appears to be a single swap, but both instructions execute atomically on-chain,“ Socket said. Featured image of the Google Chrome extension. Source: Chrome Web Store Related: 5 ‘insidious’ crypto scams to watch out for this year A long-lived operation Socket noted that it submitted a takedown request for the extension to the Chrome Web Store security team. The malicious extension is relatively long-lived, having been published on June 18, 2024, but the store reports that it only has 15 users at the time of writing. Crypto Copilot markets itself as a convenience tool allowing Solana traders to execute swaps directly from Twitter. It promises “allowing you to act on trading opportunities instantly without the need for switching between apps or platforms.” Related: NPM supply-chain attack compromises major ENS and crypto libraries The latest of many malicious Google Chrome extensions Google Chrome’s massive user base and extensible design have long made its extension ecosystem a target for crypto-focused scams. Earlier this month, Socket warned… The post Malicious Chrome Plugin Skims SOL Without Draining Wallets appeared on BitcoinEthereumNews.com. A malicious Google Chrome browser extension is letting users trade on Solana, while quietly skimming a fee from every swap into the creator’s wallet. According to a Tuesday report by cybersecurity company Socket, the Google Chrome extension allows users to trade on Solana (SOL) from their X social media feed. Unlike typical wallet-draining malware that tries to steal the entire balance, Crypto Copilot “injects an extra transfer into every Solana swap, siphoning a minimum of 0.0013 SOL or 0.05% of the trade,” Socket found. On the back end, Crypto Copilot uses the decentralized exchange Raydium to perform swaps for the user, but appends a second instruction that transfers SOL from the user to the attacker. The user interface only shows the swap details while wallet confirmation screens “summarize the transaction without surfacing individual instructions.” “Users sign what appears to be a single swap, but both instructions execute atomically on-chain,“ Socket said. Featured image of the Google Chrome extension. Source: Chrome Web Store Related: 5 ‘insidious’ crypto scams to watch out for this year A long-lived operation Socket noted that it submitted a takedown request for the extension to the Chrome Web Store security team. The malicious extension is relatively long-lived, having been published on June 18, 2024, but the store reports that it only has 15 users at the time of writing. Crypto Copilot markets itself as a convenience tool allowing Solana traders to execute swaps directly from Twitter. It promises “allowing you to act on trading opportunities instantly without the need for switching between apps or platforms.” Related: NPM supply-chain attack compromises major ENS and crypto libraries The latest of many malicious Google Chrome extensions Google Chrome’s massive user base and extensible design have long made its extension ecosystem a target for crypto-focused scams. Earlier this month, Socket warned…

Malicious Chrome Plugin Skims SOL Without Draining Wallets

Author: BitcoinEthereumNews
Source: BitcoinEthereumNews
2025/11/28 12:06
2 min read
Solana
SOL$91.68+5.69%
Polytrade
TRADE$0.04073-0.87%
Ambire Wallet
WALLET$0.01002+1.62%
For feedback or concerns regarding this content, please contact us at crypto.news@mexc.com

A malicious Google Chrome browser extension is letting users trade on Solana, while quietly skimming a fee from every swap into the creator’s wallet.

According to a Tuesday report by cybersecurity company Socket, the Google Chrome extension allows users to trade on Solana (SOL) from their X social media feed. Unlike typical wallet-draining malware that tries to steal the entire balance, Crypto Copilot “injects an extra transfer into every Solana swap, siphoning a minimum of 0.0013 SOL or 0.05% of the trade,” Socket found.

On the back end, Crypto Copilot uses the decentralized exchange Raydium to perform swaps for the user, but appends a second instruction that transfers SOL from the user to the attacker. The user interface only shows the swap details while wallet confirmation screens “summarize the transaction without surfacing individual instructions.”

“Users sign what appears to be a single swap, but both instructions execute atomically on-chain,“ Socket said.

Featured image of the Google Chrome extension. Source: Chrome Web Store

Related: 5 ‘insidious’ crypto scams to watch out for this year

A long-lived operation

Socket noted that it submitted a takedown request for the extension to the Chrome Web Store security team. The malicious extension is relatively long-lived, having been published on June 18, 2024, but the store reports that it only has 15 users at the time of writing.

Crypto Copilot markets itself as a convenience tool allowing Solana traders to execute swaps directly from Twitter. It promises “allowing you to act on trading opportunities instantly without the need for switching between apps or platforms.”

Related: NPM supply-chain attack compromises major ENS and crypto libraries

The latest of many malicious Google Chrome extensions

Google Chrome’s massive user base and extensible design have long made its extension ecosystem a target for crypto-focused scams. Earlier this month, Socket warned that the fourth-most-popular crypto wallet extension in the Chrome Web Store was draining user funds. In late August, decentralized exchange aggregator Jupiter said it had identified another malicious Chrome extension that was emptying Solana wallets.

In June 2024, a Chinese trader reportedly lost $1 million after installing a Chrome plugin called Aggr. That extension stole browser cookies to hijack accounts, including access to the trader’s Binance account.

Magazine: ‘Help! My robot vac is stealing my Bitcoin’: When smart devices attack

Source: https://cointelegraph.com/news/malicious-solana-chrome-extension-skims-sol-rather-than-emptying-the-wallet?utm_source=rss_feed&utm_medium=feed&utm_campaign=rss_partner_inbound

Market Opportunity
Solana Logo
Solana Price(SOL)
$91.69
$91.69$91.69
+1.94%
USD
Solana (SOL) Live Price Chart
Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact crypto.news@mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.

You May Also Like

XRP Price Prediction: XRP Trapped At $1.37 As Breakout Setup Tightens

XRP Price Prediction: XRP Trapped At $1.37 As Breakout Setup Tightens

The post XRP Price Prediction: XRP Trapped At $1.37 As Breakout Setup Tightens appeared on BitcoinEthereumNews.com. XRP trades at $1.3771, down 0.53%, pressing
Share
BitcoinEthereumNews2026/03/24 01:08
Why Digital Banks Are Growing 3x Faster Than Traditional Banks

Why Digital Banks Are Growing 3x Faster Than Traditional Banks

The Growth Gap Between Digital and Traditional Banking Digital banks are acquiring customers at approximately three times the rate of their traditional counterparts
Share
Techbullion2026/03/24 00:50
Saudi Awwal Bank Adopts Chainlink Tools, LINK Near $23

Saudi Awwal Bank Adopts Chainlink Tools, LINK Near $23

The post Saudi Awwal Bank Adopts Chainlink Tools, LINK Near $23 appeared on BitcoinEthereumNews.com. SAB adopts Chainlink’s CCIP and CRE to expand tokenization and cross-border finance tools. SAB and Wamid target $2.32T Saudi capital markets with blockchain-based tokenization plans. LINK price falls 2.43% to $22.99 despite higher trading volume and steady liquidity ratios. Saudi Awwal Bank has added Chainlink’s Cross-Chain Interoperability Protocol (CCIP) and the Chainlink Runtime Environment (CRE) to its digital strategy. CCIP links assets and data across multiple blockchains, while CRE provides banks with a controlled framework to test and deploy new financial applications. The lender, with more than $100 billion in assets, is applying the tools to tokenized assets, cross-border settlement, and automated credit platforms. The move signals that Chainlink’s infrastructure is being adopted at scale inside regulated finance. Related: Chainlink’s Deal with SBI Is a Major Win, But Chart Shows LINK’s Battle at $27 Resistance Wamid Partnership Aims at $2.32 Trillion Markets In parallel, SAB signed an agreement with Wamid, a subsidiary of the Saudi Tadawul Group, to pilot tokenization of the Saudi Exchange’s $2.32 trillion capital markets. The focus is on equities and debt products, opening the door for blockchain-based issuance and settlement. SAB has already executed the world’s first Islamic repo on distributed ledger technology, in collaboration with Oumla earlier this year. That transaction gave regulators a template for compliant on-chain contracts. The Wamid deal builds directly on that precedent, shifting from single-instrument pilots toward broader capital markets integration. Saudi Blockchain Buildout Gains Pace Saudi institutions are building multiple layers of digital infrastructure. Oumla is working with Avalanche to develop the Kingdom’s first domestically hosted Layer 1 blockchain. SAB’s Chainlink adoption adds an interoperability and execution layer on top. Together, these projects are shaping a domestic framework for tokenization, with global connectivity added only where liquidity requires it. LINK Price and Liquidity Snapshot While institutional adoption progresses, Chainlink’s…
Share
BitcoinEthereumNews2025/09/18 08:49