Security reality check: Top-ranked Chrome ‘wallet’ that steals your seedphrase
Summary
For several days in November, a malicious Chrome extension called "Safery: Ethereum Wallet" ranked highly on the Chrome Web Store despite being designed to steal user seed phrases. Unlike previous scams that spoofed existing brands, Safery created a polished, original identity with fake reviews to climb search rankings. The attack vector was unique: instead of communicating with external servers, the extension encoded fragments of stolen seed phrases into seemingly random, minuscule SUI token transfers on the Sui blockchain. This used the blockchain itself as a low-latency, public communication channel for data exfiltration. Security firm Socket analyzed the threat, noting that Safery avoided traditional detection methods because it operated within standard wallet permissions and used on-chain transactions rather than HTTP requests. The success highlighted flaws in Chrome Web Store vetting, which relies heavily on automated scans and keyword matching. Researchers are now calling for stronger heuristics, such as automatically flagging extensions that prompt for seed phrases, and users are advised to rigorously vet any crypto extension's publisher history and permissions, as browser wallets present a significant security risk.
(Source: CryptoSlate)
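The heuristic the researchers propose, flagging any extension that prompts for a seed phrase, sketched here as an added example (not code from Socket, Google, or the article). It inspects UI strings rather than network indicators, because Safery made no HTTP requests to detect. The pattern list, function names, and sample files are constructed assumptions, and a hit means "route to manual review", not "malicious".

```javascript
// Static check over an unpacked extension: does any user-facing string ask for a seed phrase?
// Patterns are illustrative assumptions, not an exhaustive or vendor-supplied list.
const SEED_PROMPT_PATTERNS = [
  /\b(seed|recovery|mnemonic|secret(\s+recovery)?)\s+phrase\b/i,
  /\b(12|24)[-\s]?words?\b/i,
];

// Pull human-visible strings out of one extension file.
function visibleStrings(path, content) {
  if (/_locales\/[^/]+\/messages\.json$/.test(path)) {
    try { // Chrome i18n files: { key: { message: "..." } }
      return Object.values(JSON.parse(content)).map((m) => String(m.message || ""));
    } catch {
      return [content]; // malformed JSON: fall back to scanning the raw text
    }
  }
  if (/\.html?$/i.test(path)) {
    const attrs = [...content.matchAll(/(?:placeholder|aria-label|title)\s*=\s*"([^"]*)"/gi)]
      .map((m) => m[1]); // prompts often live in attributes, not element text
    const text = content.replace(/<script[\s\S]*?<\/script>/gi, " ").replace(/<[^>]+>/g, " ");
    return [text, ...attrs];
  }
  return [content]; // scripts and other files: scan raw source, string literals included
}

// files: { relativePath: fileContents }. Returns every prompt-like string found.
function scanExtension(files) {
  const findings = [];
  for (const [path, content] of Object.entries(files)) {
    for (const s of visibleStrings(path, content)) {
      for (const re of SEED_PROMPT_PATTERNS) {
        const hit = s.match(re);
        if (hit) findings.push({ path, match: hit[0].toLowerCase() });
      }
    }
  }
  return { flagged: findings.length > 0, findings };
}

// Constructed sample inputs (not taken from any real extension).
const SAMPLE_WALLET = {
  "manifest.json": '{"name":"Example Wallet","manifest_version":3}',
  "popup.html": '<label>Import wallet</label><textarea placeholder="Enter your 12-word seed phrase"></textarea>',
  "_locales/en/messages.json": '{"importHint":{"message":"Paste your recovery phrase to restore"}}',
};
const SAMPLE_BENIGN = {
  "manifest.json": '{"name":"Tab Tidy","manifest_version":3}',
  "popup.html": '<button title="Close duplicate tabs">Tidy</button>',
};
```

Legitimate wallets also ask for seed phrases, so the output is best combined with the publisher-history and permission checks the summary recommends.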