Buy CryptoMarketsSpotFuturesGOLDEarnEvent Center
More
Gold vs Crypto
The post Chrome Extension Caught Skimming Solana Trades appeared on BitcoinEthereumNews.com. Crime A Google Chrome browser extension advertised as a shortcut for trading Solana directly from the X (Twitter) feed has been identified as malware, quietly siphoning funds from every transaction executed through it. Key Takeaways A malicious Chrome extension added hidden fees to every Solana swap and routed them to an attacker. The plug-in has been live since June and marketed itself as a trading shortcut for X users. Chrome extensions remain a high-risk environment for crypto transactions due to broad permissions and limited visibility into instructions users sign.  Cybersecurity firm Socket uncovered the scheme and reported that the extension — titled Crypto Copilot — inserts a hidden fee into each swap. Instead of draining entire wallets in a single hit (the hallmark of most Solana-focused malware), the attacker opted for a slower and less noticeable method: taking a small cut from every trade. How the theft is carried out Socket’s review of the code revealed that Crypto Copilot routes swaps through Raydium, a popular Solana DEX. But before users approve the transaction, the extension adds an extra instruction that funnels part of the trade — a minimum of 0.0013 SOL or roughly 0.05% of the swap value — to the attacker. The extension relies on the fact that most users only review the high-level summary shown in the wallet approval window. Because both transfers execute in the same transaction, there is no visible indication that a second transfer is taking place. Installed since June — barely noticed until now Crypto Copilot has been available on the Chrome Web Store since June 18, 2024. According to the storefront listing, it has 15 active users, though the exact number affected by unauthorized transfers is unclear. The extension marketed itself as a productivity upgrade — enabling Solana swaps without leaving the X… The post Chrome Extension Caught Skimming Solana Trades appeared on BitcoinEthereumNews.com. Crime A Google Chrome browser extension advertised as a shortcut for trading Solana directly from the X (Twitter) feed has been identified as malware, quietly siphoning funds from every transaction executed through it. Key Takeaways A malicious Chrome extension added hidden fees to every Solana swap and routed them to an attacker. The plug-in has been live since June and marketed itself as a trading shortcut for X users. Chrome extensions remain a high-risk environment for crypto transactions due to broad permissions and limited visibility into instructions users sign.  Cybersecurity firm Socket uncovered the scheme and reported that the extension — titled Crypto Copilot — inserts a hidden fee into each swap. Instead of draining entire wallets in a single hit (the hallmark of most Solana-focused malware), the attacker opted for a slower and less noticeable method: taking a small cut from every trade. How the theft is carried out Socket’s review of the code revealed that Crypto Copilot routes swaps through Raydium, a popular Solana DEX. But before users approve the transaction, the extension adds an extra instruction that funnels part of the trade — a minimum of 0.0013 SOL or roughly 0.05% of the swap value — to the attacker. The extension relies on the fact that most users only review the high-level summary shown in the wallet approval window. Because both transfers execute in the same transaction, there is no visible indication that a second transfer is taking place. Installed since June — barely noticed until now Crypto Copilot has been available on the Chrome Web Store since June 18, 2024. According to the storefront listing, it has 15 active users, though the exact number affected by unauthorized transfers is unclear. The extension marketed itself as a productivity upgrade — enabling Solana swaps without leaving the X…

Chrome Extension Caught Skimming Solana Trades

Author: BitcoinEthereumNews
Source: BitcoinEthereumNews
2025/11/28 05:40
3 min read
Sign
SIGN$0.05335+3.35%
Polytrade
TRADE$0.04069-3.57%
For feedback or concerns regarding this content, please contact us at crypto.news@mexc.com
Crime

A Google Chrome browser extension advertised as a shortcut for trading Solana directly from the X (Twitter) feed has been identified as malware, quietly siphoning funds from every transaction executed through it.

Key Takeaways
  • A malicious Chrome extension added hidden fees to every Solana swap and routed them to an attacker.
  • The plug-in has been live since June and marketed itself as a trading shortcut for X users.
  • Chrome extensions remain a high-risk environment for crypto transactions due to broad permissions and limited visibility into instructions users sign. 

Cybersecurity firm Socket uncovered the scheme and reported that the extension — titled Crypto Copilot — inserts a hidden fee into each swap. Instead of draining entire wallets in a single hit (the hallmark of most Solana-focused malware), the attacker opted for a slower and less noticeable method: taking a small cut from every trade.

How the theft is carried out

Socket’s review of the code revealed that Crypto Copilot routes swaps through Raydium, a popular Solana DEX. But before users approve the transaction, the extension adds an extra instruction that funnels part of the trade — a minimum of 0.0013 SOL or roughly 0.05% of the swap value — to the attacker.

The extension relies on the fact that most users only review the high-level summary shown in the wallet approval window. Because both transfers execute in the same transaction, there is no visible indication that a second transfer is taking place.

Installed since June — barely noticed until now

Crypto Copilot has been available on the Chrome Web Store since June 18, 2024. According to the storefront listing, it has 15 active users, though the exact number affected by unauthorized transfers is unclear.

The extension marketed itself as a productivity upgrade — enabling Solana swaps without leaving the X interface — which likely helped it avoid early suspicion. Socket says it has already requested that Google remove the listing, but the plug-in remained accessible at the time of reporting.

Growing pattern of Chrome-based wallet theft

This is not an isolated case. Malicious Chrome extensions have become one of the most effective attack vectors targeting crypto users:

  • Earlier this month, Socket flagged another highly downloaded wallet extension that was draining funds.
  • In August, the Jupiter team warned Solana users about a Chrome plug-in that emptied wallets.
  • In June 2024, a Chinese trader reported losing $1 million after installing a malicious extension that harvested browser cookies and gained access to his Binance account.

Security researchers caution that Chrome extensions have become a preferred target because users often accept permission prompts without understanding the access being granted.

The information provided in this article is for educational purposes only and does not constitute financial, investment, or trading advice. Coindoo.com does not endorse or recommend any specific investment strategy or cryptocurrency. Always conduct your own research and consult with a licensed financial advisor before making any investment decisions.

Author

Alex is an experienced financial journalist and cryptocurrency enthusiast. With over 8 years of experience covering the crypto, blockchain, and fintech industries, he is well-versed in the complex and ever-evolving world of digital assets. His insightful and thought-provoking articles provide readers with a clear picture of the latest developments and trends in the market. His approach allows him to break down complex ideas into accessible and in-depth content. Follow his publications to stay up to date with the most important trends and topics.

Related stories

Next article

Source: https://coindoo.com/chrome-extension-caught-skimming-solana-trades-users-unknowingly-paying-hacker-fee/

Market Opportunity
Sign Logo
Sign Price(SIGN)
$0.05335
$0.05335$0.05335
+0.26%
USD
Sign (SIGN) Live Price Chart
Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact crypto.news@mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.

You May Also Like

Fed forecasts only one rate cut in 2026, a more conservative outlook than expected

Fed forecasts only one rate cut in 2026, a more conservative outlook than expected

The post Fed forecasts only one rate cut in 2026, a more conservative outlook than expected appeared on BitcoinEthereumNews.com. Federal Reserve Chairman Jerome Powell talks to reporters following the regular Federal Open Market Committee meetings at the Fed on July 30, 2025 in Washington, DC. Chip Somodevilla | Getty Images The Federal Reserve is projecting only one rate cut in 2026, fewer than expected, according to its median projection. The central bank’s so-called dot plot, which shows 19 individual members’ expectations anonymously, indicated a median estimate of 3.4% for the federal funds rate at the end of 2026. That compares to a median estimate of 3.6% for the end of this year following two expected cuts on top of Wednesday’s reduction. A single quarter-point reduction next year is significantly more conservative than current market pricing. Traders are currently pricing in at two to three more rate cuts next year, according to the CME Group’s FedWatch tool, updated shortly after the decision. The gauge uses prices on 30-day fed funds futures contracts to determine market-implied odds for rate moves. Here are the Fed’s latest targets from 19 FOMC members, both voters and nonvoters: Zoom In IconArrows pointing outwards The forecasts, however, showed a large difference of opinion with two voting members seeing as many as four cuts. Three officials penciled in three rate reductions next year. “Next year’s dot plot is a mosaic of different perspectives and is an accurate reflection of a confusing economic outlook, muddied by labor supply shifts, data measurement concerns, and government policy upheaval and uncertainty,” said Seema Shah, chief global strategist at Principal Asset Management. The central bank has two policy meetings left for the year, one in October and one in December. Economic projections from the Fed saw slightly faster economic growth in 2026 than was projected in June, while the outlook for inflation was updated modestly higher for next year. There’s a lot of uncertainty…
Share
BitcoinEthereumNews2025/09/18 02:59
Trump is running out of time — and Republicans ready to abandon him

Trump is running out of time — and Republicans ready to abandon him

When President Donald Trump was reelected in 2024, he rode in on a largely populist message that promised to lower prices, reduce inflation, cut taxes, and improve
Share
Alternet2026/03/23 22:02
Trump twists himself in knots to explain why giving Iran money is different from Obama

Trump twists himself in knots to explain why giving Iran money is different from Obama

President Donald Trump spoke to reporters ahead of a trip to Memphis, Tennessee on Monday morning after spending the weekend in Palm Beach, Florida. Trump took
Share
Alternet2026/03/23 22:38