The post Malicious Wallet on Chrome Ranks High and Steals User Crypto appeared on BitcoinEthereumNews.com.

Malicious Wallet on Chrome Ranks High and Steals User Crypto

2025/11/14 17:05

The malicious extension secretly encodes users’ seed phrases into Sui microtransactions, giving attackers the ability to drain wallets without detection. At the same time, Australian authorities warned that criminals have been impersonating police and exploiting official government systems to pressure victims into transferring their digital assets. Together, these cases reveal how scammers are now blending technical backdoors with social-engineering tactics to deceive even cautious users. Crypto users are urged to treat unexpected communications with extreme suspicion.

Malicious Wallet App Tricks Users

Blockchain security firm Socket uncovered a dangerous new threat lurking in the Google Chrome Web Store: a malicious wallet extension called “Safery: Ethereum Wallet.” Although it presents itself as a reliable and secure tool for managing Ethereum-based assets, researchers found that the extension contains a sophisticated backdoor that is designed to steal users’ seed phrases and ultimately drain their crypto holdings.

According to Socket’s report, the extension uses an unusually crafty method to export stolen seed phrases. When a user creates a new wallet or imports an existing one, the extension encodes their BIP-39 mnemonic into synthetic Sui-style addresses. It then broadcasts a microtransaction of just 0.000001 SUI from a wallet controlled by the attackers. 

Safery: Ethereum Wallet 

On the surface, the transaction looks harmless, but the destination addresses actually represent fragments of the user’s seed phrase. By decoding these addresses, the scammers can reconstruct the full mnemonic and access the victim’s assets whenever they choose.

This makes the threat particularly dangerous because users may not notice anything suspicious. The extension behaves like a normal Ethereum wallet, offers familiar features, and even ranks fourth in Chrome’s search results for “Ethereum Wallet,” just behind legitimate platforms like MetaMask, Wombat and Enkrypt. That high placement increases the likelihood that unsuspecting users will install it, unaware of the risks.

Search results for ‘Ethereum wallet’

Socket explained that both new and existing wallet users are vulnerable. Users who generate a fresh wallet through the extension effectively hand over their seed phrase immediately. Those who import an existing wallet expose their already-funded accounts, giving the attackers instant access to all assets tied to that mnemonic.

Despite its polished search ranking, several red flags reveal the extension’s lack of legitimacy. The listing has no reviews, minimal branding, glaring grammatical errors, no official website, and a developer linked only to a Gmail address. These are all signs of an unverified and potentially malicious tool.

Security experts warn that users should be extremely cautious with browser extensions, especially those involving seed phrases or wallet management. They advise researching tools thoroughly, sticking to well-established platforms with verified credibility, and maintaining strong cybersecurity practices. 

Additionally, because Safery’s attack method relies on microtransactions, users should regularly monitor their wallet activity and investigate any unexpected or unusual transactions, no matter how small. Overall, this discovery serves as a reminder that even seemingly minor actions can open the door to serious financial loss if users are not vigilant.
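
One way to act on that monitoring advice from the defender's side, as an added example that is not part of the original article or of Socket's report: audit a capture of an extension's outbound requests and flag JSON-RPC calls to a chain the wallet does not advertise, such as Sui calls from an "Ethereum" wallet. The record format, the example.* endpoints and the assumption that the transfer is submitted over Sui JSON-RPC are illustrative.

```javascript
// Added example: all records below are constructed sample data.

// JSON-RPC method prefixes used by each chain's public API.
const NAMESPACES = {
  ethereum: ["eth_", "net_", "web3_", "wallet_"],
  sui: ["sui_", "suix_", "unsafe_"],
};

// Methods that submit a transaction, i.e. the calls able to carry data off the host.
const SUBMIT_METHODS = new Set(["eth_sendRawTransaction", "sui_executeTransactionBlock"]);

function chainOf(method) {
  for (const [chain, prefixes] of Object.entries(NAMESPACES)) {
    if (prefixes.some((p) => method.startsWith(p))) return chain;
  }
  return "unknown";
}

// records: [{ts, url, body}] where body is the raw request text (hypothetical format).
function auditRpcTraffic(records, advertisedChain) {
  const findings = [];
  for (const rec of records) {
    let calls;
    try {
      const parsed = JSON.parse(rec.body);
      calls = Array.isArray(parsed) ? parsed : [parsed]; // JSON-RPC batches are arrays
    } catch {
      continue; // body is not JSON, so not a JSON-RPC request
    }
    for (const call of calls) {
      if (!call || typeof call.method !== "string") continue;
      const chain = chainOf(call.method);
      if (chain === advertisedChain || chain === "unknown") continue;
      const severity = SUBMIT_METHODS.has(call.method) ? "high" : "medium";
      findings.push({ ts: rec.ts, url: rec.url, method: call.method, chain, severity });
    }
  }
  return findings;
}

// Constructed capture: a wallet advertised as Ethereum-only that also talks to a Sui endpoint.
const SAMPLE = [
  { ts: 1, url: "https://eth-rpc.example/", body: '{"jsonrpc":"2.0","id":1,"method":"eth_getBalance","params":["0x0","latest"]}' },
  { ts: 2, url: "https://sui-rpc.example/", body: '{"jsonrpc":"2.0","id":2,"method":"suix_getCoins","params":["0x0"]}' },
  { ts: 3, url: "https://sui-rpc.example/", body: '{"jsonrpc":"2.0","id":3,"method":"sui_executeTransactionBlock","params":["<tx>",["<sig>"]]}' },
  { ts: 4, url: "https://cdn.example/logo.png", body: "" },
];

console.log(auditRpcTraffic(SAMPLE, "ethereum"));
```

A transaction submitted on a chain the wallet never mentions, right after a wallet is created or imported, is the pattern worth escalating; read-only calls to that chain are rated lower but still warrant a look.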

Scammers Impersonate Aussie Police to Steal Crypto

Meanwhile, Australian authorities recently issued a fresh warning after uncovering a sophisticated scam in which criminals impersonated police officers and misused government systems to pressure victims into surrendering their cryptocurrency. 

According to the Australian Federal Police (AFP), scammers exploited ReportCyber — the official platform for filing cybercrime reports — by submitting reports about their intended victims. They later contacted those people while posing as law-enforcement officials and directed them to the legitimate government website to view the report, giving the scheme an alarming level of credibility.

AFP announcement

In one case, scammers told a victim they would soon hear from a representative of a cryptocurrency company. That second caller then tried to convince the target to transfer money from their wallet to an address controlled by the scammers. The AFP said the victim became suspicious and ended the call before any funds were lost.

Detective Superintendent Marie Andersson explained that the fraudsters reinforced their deception by mimicking real police verification steps, and even claimed that the victim was named in an investigation after the arrest of a suspect linked to a crypto breach.

The AFP urged Australians to stay cautious, particularly if they receive unexpected communication about a ReportCyber submission they did not file. They also explained that legitimate law-enforcement agencies will never request access to banking details, cryptocurrency accounts, wallet seed phrases, or any sensitive financial information.

The warning comes as Australia steps up its efforts to combat crypto-related crime. Earlier this year, regulators reported that over 14,000 scams had been dismantled since mid-2023, with more than 3,000 involving digital assets. In Tasmania, authorities found that the top 15 users of crypto ATMs were all scam victims, and collectively lost about USD 1.6 million.

Source: https://coinpaper.com/12344/malicious-wallet-on-chrome-ranks-high-and-steals-user-crypto
