Buy CryptoMarketsSpotFuturesGOLDEarnEvent Center
More
Gold vs Crypto
The post Malicious Chrome Plugin Skims SOL Without Draining Wallets appeared on BitcoinEthereumNews.com. A malicious Google Chrome browser extension is letting users trade on Solana, while quietly skimming a fee from every swap into the creator’s wallet. According to a Tuesday report by cybersecurity company Socket, the Google Chrome extension allows users to trade on Solana (SOL) from their X social media feed. Unlike typical wallet-draining malware that tries to steal the entire balance, Crypto Copilot “injects an extra transfer into every Solana swap, siphoning a minimum of 0.0013 SOL or 0.05% of the trade,” Socket found. On the back end, Crypto Copilot uses the decentralized exchange Raydium to perform swaps for the user, but appends a second instruction that transfers SOL from the user to the attacker. The user interface only shows the swap details while wallet confirmation screens “summarize the transaction without surfacing individual instructions.” “Users sign what appears to be a single swap, but both instructions execute atomically on-chain,“ Socket said. Featured image of the Google Chrome extension. Source: Chrome Web Store Related: 5 ‘insidious’ crypto scams to watch out for this year A long-lived operation Socket noted that it submitted a takedown request for the extension to the Chrome Web Store security team. The malicious extension is relatively long-lived, having been published on June 18, 2024, but the store reports that it only has 15 users at the time of writing. Crypto Copilot markets itself as a convenience tool allowing Solana traders to execute swaps directly from Twitter. It promises “allowing you to act on trading opportunities instantly without the need for switching between apps or platforms.” Related: NPM supply-chain attack compromises major ENS and crypto libraries The latest of many malicious Google Chrome extensions Google Chrome’s massive user base and extensible design have long made its extension ecosystem a target for crypto-focused scams. Earlier this month, Socket warned… The post Malicious Chrome Plugin Skims SOL Without Draining Wallets appeared on BitcoinEthereumNews.com. A malicious Google Chrome browser extension is letting users trade on Solana, while quietly skimming a fee from every swap into the creator’s wallet. According to a Tuesday report by cybersecurity company Socket, the Google Chrome extension allows users to trade on Solana (SOL) from their X social media feed. Unlike typical wallet-draining malware that tries to steal the entire balance, Crypto Copilot “injects an extra transfer into every Solana swap, siphoning a minimum of 0.0013 SOL or 0.05% of the trade,” Socket found. On the back end, Crypto Copilot uses the decentralized exchange Raydium to perform swaps for the user, but appends a second instruction that transfers SOL from the user to the attacker. The user interface only shows the swap details while wallet confirmation screens “summarize the transaction without surfacing individual instructions.” “Users sign what appears to be a single swap, but both instructions execute atomically on-chain,“ Socket said. Featured image of the Google Chrome extension. Source: Chrome Web Store Related: 5 ‘insidious’ crypto scams to watch out for this year A long-lived operation Socket noted that it submitted a takedown request for the extension to the Chrome Web Store security team. The malicious extension is relatively long-lived, having been published on June 18, 2024, but the store reports that it only has 15 users at the time of writing. Crypto Copilot markets itself as a convenience tool allowing Solana traders to execute swaps directly from Twitter. It promises “allowing you to act on trading opportunities instantly without the need for switching between apps or platforms.” Related: NPM supply-chain attack compromises major ENS and crypto libraries The latest of many malicious Google Chrome extensions Google Chrome’s massive user base and extensible design have long made its extension ecosystem a target for crypto-focused scams. Earlier this month, Socket warned…

Malicious Chrome Plugin Skims SOL Without Draining Wallets

Author: BitcoinEthereumNews
Source: BitcoinEthereumNews
2025/11/28 12:06
2 min read
Solana
SOL$91.57+5.38%
Polytrade
TRADE$0.04062-1.14%
Ambire Wallet
WALLET$0.00998+1.83%
For feedback or concerns regarding this content, please contact us at crypto.news@mexc.com

A malicious Google Chrome browser extension is letting users trade on Solana, while quietly skimming a fee from every swap into the creator’s wallet.

According to a Tuesday report by cybersecurity company Socket, the Google Chrome extension allows users to trade on Solana (SOL) from their X social media feed. Unlike typical wallet-draining malware that tries to steal the entire balance, Crypto Copilot “injects an extra transfer into every Solana swap, siphoning a minimum of 0.0013 SOL or 0.05% of the trade,” Socket found.

On the back end, Crypto Copilot uses the decentralized exchange Raydium to perform swaps for the user, but appends a second instruction that transfers SOL from the user to the attacker. The user interface only shows the swap details while wallet confirmation screens “summarize the transaction without surfacing individual instructions.”

“Users sign what appears to be a single swap, but both instructions execute atomically on-chain,“ Socket said.

Featured image of the Google Chrome extension. Source: Chrome Web Store

Related: 5 ‘insidious’ crypto scams to watch out for this year

A long-lived operation

Socket noted that it submitted a takedown request for the extension to the Chrome Web Store security team. The malicious extension is relatively long-lived, having been published on June 18, 2024, but the store reports that it only has 15 users at the time of writing.

Crypto Copilot markets itself as a convenience tool allowing Solana traders to execute swaps directly from Twitter. It promises “allowing you to act on trading opportunities instantly without the need for switching between apps or platforms.”

Related: NPM supply-chain attack compromises major ENS and crypto libraries

The latest of many malicious Google Chrome extensions

Google Chrome’s massive user base and extensible design have long made its extension ecosystem a target for crypto-focused scams. Earlier this month, Socket warned that the fourth-most-popular crypto wallet extension in the Chrome Web Store was draining user funds. In late August, decentralized exchange aggregator Jupiter said it had identified another malicious Chrome extension that was emptying Solana wallets.

In June 2024, a Chinese trader reportedly lost $1 million after installing a Chrome plugin called Aggr. That extension stole browser cookies to hijack accounts, including access to the trader’s Binance account.

Magazine: ‘Help! My robot vac is stealing my Bitcoin’: When smart devices attack

Source: https://cointelegraph.com/news/malicious-solana-chrome-extension-skims-sol-rather-than-emptying-the-wallet?utm_source=rss_feed&utm_medium=feed&utm_campaign=rss_partner_inbound

Market Opportunity
Solana Logo
Solana Price(SOL)
$91.63
$91.63$91.63
+1.87%
USD
Solana (SOL) Live Price Chart
Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact crypto.news@mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.

You May Also Like

Shibarium Upgrade Nears Completion as SHIB Eyes Price Rally

Shibarium Upgrade Nears Completion as SHIB Eyes Price Rally

TLDR Shibarium explorer sync reaches about 45% after full chain reindex Actual data shows over 14M blocks and 1.56B transactions processed Layer 3 testing begins
Share
Coincentral2026/03/24 01:57
Rises as Trump signals Iran de-escalation, US Dollar sinks

Rises as Trump signals Iran de-escalation, US Dollar sinks

The post Rises as Trump signals Iran de-escalation, US Dollar sinks appeared on BitcoinEthereumNews.com. GBP/USD rises as Trump signals Iran de-escalation, US Dollar
Share
BitcoinEthereumNews2026/03/24 02:12
IP Hits $11.75, HYPE Climbs to $55, BlockDAG Surpasses Both with $407M Presale Surge!

IP Hits $11.75, HYPE Climbs to $55, BlockDAG Surpasses Both with $407M Presale Surge!

The post IP Hits $11.75, HYPE Climbs to $55, BlockDAG Surpasses Both with $407M Presale Surge! appeared on BitcoinEthereumNews.com. Crypto News 17 September 2025 | 18:00 Discover why BlockDAG’s upcoming Awakening Testnet launch makes it the best crypto to buy today as Story (IP) price jumps to $11.75 and Hyperliquid hits new highs. Recent crypto market numbers show strength but also some limits. The Story (IP) price jump has been sharp, fueled by big buybacks and speculation, yet critics point out that revenue still lags far behind its valuation. The Hyperliquid (HYPE) price looks solid around the mid-$50s after a new all-time high, but questions remain about sustainability once the hype around USDH proposals cools down. So the obvious question is: why chase coins that are either stretched thin or at risk of retracing when you could back a network that’s already proving itself on the ground? That’s where BlockDAG comes in. While other chains are stuck dealing with validator congestion or outages, BlockDAG’s upcoming Awakening Testnet will be stress-testing its EVM-compatible smart chain with real miners before listing. For anyone looking for the best crypto coin to buy, the choice between waiting on fixes or joining live progress feels like an easy one. BlockDAG: Smart Chain Running Before Launch Ethereum continues to wrestle with gas congestion, and Solana is still known for network freezes, yet BlockDAG is already showing a different picture. Its upcoming Awakening Testnet, set to launch on September 25, isn’t just a demo; it’s a live rollout where the chain’s base protocols are being stress-tested with miners connected globally. EVM compatibility is active, account abstraction is built in, and tools like updated vesting contracts and Stratum integration are already functional. Instead of waiting for fixes like other networks, BlockDAG is proving its infrastructure in real time. What makes this even more important is that the technology is operational before the coin even hits exchanges. That…
Share
BitcoinEthereumNews2025/09/18 00:32