Malicious Chrome Extension Secretly Steals From Solana Traders

Security researchers discovered a malicious Chrome extension called "Crypto Copilot" that had been active since June 2024, secretly stealing from Solana traders. The extension marketed itself as a convenient tool for instant trading directly from Twitter feeds. However, every time a user executed a trade, the extension secretly added a second transaction to send funds to the attacker's wallet, taking either a minimum of 0.0013 SOL or 0.05% of the swap amount, whichever was greater. The theft was highly sophisticated, leveraging Solana's technical design that allows multiple actions in one transaction, and exploiting the simplified transaction summaries shown by most wallets to hide the illicit transfer. The extension used legitimate platforms like Raydium for processing, making the theft look normal. Experts warn this is part of a growing trend where scammers use subtle, long-term theft methods rather than outright draining wallets. Users are advised to scrutinize all transaction details, only install extensions from verified developers, and immediately move funds and revoke access if they used the compromised tool.

(Source：Brave New Coin)