Buy CryptoMarketsSpotFuturesGOLDEarnEvent Center
More
Gold vs Crypto
The post Solana Users Face Hidden SOL Fees from Malicious Chrome Extension appeared on BitcoinEthereumNews.com. Crypto Copilot malware has been secretly draining SOL from users’ wallets since June 2025 by injecting hidden transfer instructions into Raydium swaps. Cybersecurity firm Socket uncovered this threat, revealing how the Chrome extension extracts at least 0.0013 SOL or 0.05% per trade without user knowledge. Immediate removal and transaction vigilance are essential to protect Solana assets. Cybersecurity researchers at Socket identified the malicious extension during routine Chrome Web Store monitoring. The extension appends undisclosed SOL transfers to every swap, scaling fees based on trade size for maximum extraction. Over 0.0013 SOL minimum or 0.05% of larger trades have been siphoned, with total funds to date remaining modest due to limited adoption. What is the Crypto Copilot Malware? The Crypto Copilot malware is a deceptive Chrome browser extension posing as a Solana trading assistant that has been active since June 2025. It injects hidden transaction instructions into Raydium swaps, silently transferring SOL to an attacker-controlled wallet. Users remain unaware as the interface masks the extra fee, emphasizing the need for caution with third-party trading tools. How Does Solana Hidden Fees Work in This Extension? Solana hidden fees in the Crypto Copilot extension operate through obfuscated code that appends a secondary transfer to legitimate swap instructions on Raydium, a leading Solana decentralized exchange. For trades under 2.6 SOL, a flat 0.0013 SOL fee applies; larger swaps incur 0.05% of the amount, potentially costing $10 on a 100 SOL trade at current prices. Security engineer Kush Pandya from Socket explained, “Aggressive code obfuscation and hardcoded attacker addresses were key red flags our AI scanner detected, leading to confirmation of the fee mechanism.” This structure evades user detection, as wallet pop-ups show only the primary swap details, while both instructions execute on-chain simultaneously. The report highlights that such browser extensions combining social features with… The post Solana Users Face Hidden SOL Fees from Malicious Chrome Extension appeared on BitcoinEthereumNews.com. Crypto Copilot malware has been secretly draining SOL from users’ wallets since June 2025 by injecting hidden transfer instructions into Raydium swaps. Cybersecurity firm Socket uncovered this threat, revealing how the Chrome extension extracts at least 0.0013 SOL or 0.05% per trade without user knowledge. Immediate removal and transaction vigilance are essential to protect Solana assets. Cybersecurity researchers at Socket identified the malicious extension during routine Chrome Web Store monitoring. The extension appends undisclosed SOL transfers to every swap, scaling fees based on trade size for maximum extraction. Over 0.0013 SOL minimum or 0.05% of larger trades have been siphoned, with total funds to date remaining modest due to limited adoption. What is the Crypto Copilot Malware? The Crypto Copilot malware is a deceptive Chrome browser extension posing as a Solana trading assistant that has been active since June 2025. It injects hidden transaction instructions into Raydium swaps, silently transferring SOL to an attacker-controlled wallet. Users remain unaware as the interface masks the extra fee, emphasizing the need for caution with third-party trading tools. How Does Solana Hidden Fees Work in This Extension? Solana hidden fees in the Crypto Copilot extension operate through obfuscated code that appends a secondary transfer to legitimate swap instructions on Raydium, a leading Solana decentralized exchange. For trades under 2.6 SOL, a flat 0.0013 SOL fee applies; larger swaps incur 0.05% of the amount, potentially costing $10 on a 100 SOL trade at current prices. Security engineer Kush Pandya from Socket explained, “Aggressive code obfuscation and hardcoded attacker addresses were key red flags our AI scanner detected, leading to confirmation of the fee mechanism.” This structure evades user detection, as wallet pop-ups show only the primary swap details, while both instructions execute on-chain simultaneously. The report highlights that such browser extensions combining social features with…

Solana Users Face Hidden SOL Fees from Malicious Chrome Extension

Author: BitcoinEthereumNews
Source: BitcoinEthereumNews
2025/11/28 07:18
3 min read
SOL
SOL$91.54+5.30%
TRADE
TRADE$0.04081-0.75%
WALLET
WALLET$0.01002+1.51%
For feedback or concerns regarding this content, please contact us at crypto.news@mexc.com

Crypto Copilot malware has been secretly draining SOL from users’ wallets since June 2025 by injecting hidden transfer instructions into Raydium swaps. Cybersecurity firm Socket uncovered this threat, revealing how the Chrome extension extracts at least 0.0013 SOL or 0.05% per trade without user knowledge. Immediate removal and transaction vigilance are essential to protect Solana assets.

  • Cybersecurity researchers at Socket identified the malicious extension during routine Chrome Web Store monitoring.
  • The extension appends undisclosed SOL transfers to every swap, scaling fees based on trade size for maximum extraction.
  • Over 0.0013 SOL minimum or 0.05% of larger trades have been siphoned, with total funds to date remaining modest due to limited adoption.

What is the Crypto Copilot Malware?

The Crypto Copilot malware is a deceptive Chrome browser extension posing as a Solana trading assistant that has been active since June 2025. It injects hidden transaction instructions into Raydium swaps, silently transferring SOL to an attacker-controlled wallet. Users remain unaware as the interface masks the extra fee, emphasizing the need for caution with third-party trading tools.

How Does Solana Hidden Fees Work in This Extension?

Solana hidden fees in the Crypto Copilot extension operate through obfuscated code that appends a secondary transfer to legitimate swap instructions on Raydium, a leading Solana decentralized exchange. For trades under 2.6 SOL, a flat 0.0013 SOL fee applies; larger swaps incur 0.05% of the amount, potentially costing $10 on a 100 SOL trade at current prices. Security engineer Kush Pandya from Socket explained, “Aggressive code obfuscation and hardcoded attacker addresses were key red flags our AI scanner detected, leading to confirmation of the fee mechanism.” This structure evades user detection, as wallet pop-ups show only the primary swap details, while both instructions execute on-chain simultaneously. The report highlights that such browser extensions combining social features with signing permissions amplify risks, with the extension’s domain parked and backend showing suspicious placeholders.

Frequently Asked Questions

How Can I Tell If I’ve Installed the Crypto Copilot Extension?

Check your Chrome extensions list for “Crypto Copilot” and verify its ID against known malicious reports from Socket’s analysis. If installed since June 2025 and used for Raydium swaps, review your Solana wallet transaction history for unexplained small SOL outflows to unfamiliar addresses. Uninstall immediately and scan your device to prevent further exposure.

What Should Solana Users Do to Avoid Hidden Swap Fees?

To dodge hidden swap fees on Solana, always inspect transaction details before signing, especially with browser extensions. Stick to verified, open-source tools and avoid those requesting broad wallet permissions. If compromised, transfer assets to a new wallet and enable multi-factor authentication for enhanced security against evolving malware threats.

Key Takeaways

  • Malicious Extensions Pose Real Risks: Crypto Copilot demonstrates how seemingly helpful tools can embed hidden SOL transfers, underscoring the dangers of unvetted browser add-ons in crypto trading.
  • Early Detection Saved Potential Losses: Socket’s AI monitoring flagged obfuscated code and discrepancies, limiting the attacker’s haul to small amounts despite months of operation.
  • Proactive Steps for Users: Regularly audit extensions, review on-chain transactions, and migrate to secure wallets to mitigate similar Solana threats moving forward.

Conclusion

The discovery of the Crypto Copilot malware highlights ongoing vulnerabilities in Solana trading tools, where hidden fees can erode user funds without detection. As cybersecurity firms like Socket continue to expose such threats through diligent monitoring, crypto enthusiasts must prioritize transaction verification and tool vetting. Stay informed and adopt secure practices to navigate the evolving landscape of digital asset security with confidence.

Word count: 728

Source: https://en.coinotag.com/solana-users-face-hidden-sol-fees-from-malicious-chrome-extension

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact crypto.news@mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.

You May Also Like

XRP Price Prediction: XRP Trapped At $1.37 As Breakout Setup Tightens

XRP Price Prediction: XRP Trapped At $1.37 As Breakout Setup Tightens

The post XRP Price Prediction: XRP Trapped At $1.37 As Breakout Setup Tightens appeared on BitcoinEthereumNews.com. XRP trades at $1.3771, down 0.53%, pressing
Share
BitcoinEthereumNews2026/03/24 01:08
Why Digital Banks Are Growing 3x Faster Than Traditional Banks

Why Digital Banks Are Growing 3x Faster Than Traditional Banks

The Growth Gap Between Digital and Traditional Banking Digital banks are acquiring customers at approximately three times the rate of their traditional counterparts
Share
Techbullion2026/03/24 00:50
Analyst Predicts ‘Uptober’ Rally for BTC Regardless of FOMC Decision

Analyst Predicts ‘Uptober’ Rally for BTC Regardless of FOMC Decision

The post Analyst Predicts ‘Uptober’ Rally for BTC Regardless of FOMC Decision appeared on BitcoinEthereumNews.com. Bitcoin traded at $116,236 as of 14:04 UTC on Sept. 17, up about 1% in the past 24 hours, holding above a key level as markets await the Federal Reserve’s policy announcement. Analysts’ comments Dean Crypto Trades noted on X that bitcoin is only about 7% above its post-election local peak, while the S&P 500 has risen 9% and gold has surged 36% during the same period. He said bitcoin has compressed more than those assets, making it likely to lead the next larger move, though it could form a “lower high” before extending further. He added that ether could join in once it breaks $5,000 and enters price discovery. Lark Davis pointed to bitcoin’s history around September FOMC meetings, saying every September decision since 2020 — except during the 2022 bear market — has preceded a strong rally. He stressed that the pattern is less about the Fed’s rate choice itself and more about seasonal dynamics, arguing that bitcoin tends to thrive in this period heading into “Uptober.” CoinDesk Research’s technical analysis According to CoinDesk Research’s technical analysis data model, bitcoin rose about 0.9% during the Sept. 16–17 analysis window, climbing from $115,461 to $116,520. BTC reached a session high of $117,317 at 07:00 UTC on Sept. 17 before consolidating. Following that peak, bitcoin tested the $116,400–$116,600 range multiple times, confirming it as a short-term support zone. In the final hour of the session, between 11:39 and 12:38 UTC, BTC attempted a breakout: prices moved narrowly between $116,351 and $116,376 before spiking to $116,551 at 12:34 on higher volume. This confirmed a consolidation-breakout pattern, though the gains were modest. Overall, bitcoin remains firm above $116,000, with support around $116,400 and resistance near $117,300. Latest 24-hour and one-month chart analysis The latest 24-hour CoinDesk Data chart, ending 14:04 UTC on…
Share
BitcoinEthereumNews2025/09/18 12:42