
Malware Chrome Extension Secretly Siphoned Fees From Solana Traders for Months

by admin
November 27, 2025



In brief

  • Chrome extension Crypto Copilot secretly adds a hidden SOL transfer to every Raydium swap, siphoning fees to an attacker’s wallet.
  • Security platform Socket found the extension uses obfuscated code and a misspelled, inactive backend domain to mask its activity.
  • On-chain theft remains small so far, but the mechanism scales with trade size, and the extension is still live on the Chrome Web Store.

A Chrome extension marketed as a convenient trading tool has been secretly siphoning SOL from users’ swaps since last June, injecting hidden fees into every transaction while masquerading as a legitimate Solana trading assistant.

Cybersecurity firm Socket discovered the malicious extension, Crypto Copilot, during “continuous monitoring” of the Chrome Web Store, security engineer and researcher Kush Pandya told Decrypt.

🚨 Socket researchers uncovered a malicious Chrome extension that injects hidden #SOL transfers into Raydium swaps, quietly siphoning fees to an attacker wallet.

Full analysis → https://t.co/bdGOXViJpA #Solana

— Socket (@SocketSecurity) November 25, 2025

In an analysis of the malicious extension published Wednesday, Pandya wrote that Crypto Copilot quietly appends an extra transfer instruction to every Solana swap, extracting a minimum of 0.0013 SOL or 0.05% of the trade amount to an attacker-controlled wallet.

“Our AI scanner flagged multiple indicators: aggressive code obfuscation, a hardcoded Solana address embedded in transaction logic, and discrepancies between the extension’s stated functionality and actual network behavior,” Pandya told Decrypt, adding that “These alerts triggered deeper manual analysis that confirmed the hidden fee extraction mechanism.”

The research points to risks in browser-based crypto tools, particularly extensions that combine social media integration with transaction signing capabilities.

The extension has remained available on the Chrome Web Store for months, with no warning to users about the undisclosed fees buried in heavily obfuscated code, the report says.

“The fee behavior is never disclosed on the Chrome Web Store listing, and the logic implementing it is buried inside heavily obfuscated code,” Pandya noted.

Each time a user swaps tokens, the extension generates the proper Raydium swap instruction but discreetly tacks on an extra transfer directing SOL to the attacker’s address.

Raydium is a Solana-based decentralized exchange and automated market maker; a “Raydium swap” simply refers to exchanging one token for another through its liquidity pools.

Users who installed Crypto Copilot, believing it would streamline their Solana trading, have unknowingly been paying hidden fees with every swap, fees that never appeared in the extension’s marketing materials or Chrome Web Store listing.

The interface shows only the swap details, and wallet pop-ups summarize the transaction, so users sign what looks like a single swap even though both instructions execute simultaneously on-chain.

The attacker’s wallet has received only small amounts to date. According to the report, that is a sign that Crypto Copilot hasn’t reached many users yet, rather than an indication that the exploit is low-risk.

The fee mechanism scales with trade size: for swaps under 2.6 SOL, the minimum 0.0013 SOL fee applies; above that threshold, the 0.05% percentage fee takes effect, meaning a 100 SOL swap would extract 0.05 SOL, roughly $10 at current prices.

The extension’s main domain cryptocopilot[.]app is parked by domain registry GoDaddy, while the backend at crypto-coplilot-dashboard[.]vercel[.]app, notably misspelled, displays only a blank placeholder page despite collecting wallet data, the report says.

Socket has submitted a takedown request to Google’s Chrome Web Store security team, though the extension remained available at the time of publication.

The platform has urged users to review each instruction before signing transactions, avoid closed-source trading extensions requesting signing permissions, and migrate assets to clean wallets if they installed Crypto Copilot.
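
One way to act on the advice to review each instruction before signing, as an added example that is not from Socket's report or the extension's code: the code below scans a decoded instruction list for System Program transfers to unexpected recipients and checks whether the amount matches the fee schedule the article reports. The instruction shape, the function names and the placeholder values (`SWAP_PROGRAM_PLACEHOLDER`, `USER_WALLET`, `POOL`, `UNKNOWN_WALLET_PLACEHOLDER`) are assumptions; a real wallet would first resolve account indexes from the compiled message.

```javascript
// Input: simplified, already-decoded instructions (constructed shape):
//   { programId: string, accounts: string[], data: Uint8Array }
const SYSTEM_PROGRAM_ID = "11111111111111111111111111111111";
const SYSTEM_TRANSFER_INDEX = 2;          // SystemInstruction::Transfer
const LAMPORTS_PER_SOL = 1_000_000_000n;

// Fee schedule as reported in the article: max(0.0013 SOL, 0.05% of trade).
function reportedFeeLamports(tradeLamports) {
  const minFee = 1_300_000n;                     // 0.0013 SOL
  const pctFee = (tradeLamports * 5n) / 10_000n; // 0.05%
  return pctFee > minFee ? pctFee : minFee;
}

// Decode a System Program transfer: u32 LE index, then u64 LE lamports.
function decodeSystemTransfer(ix) {
  if (ix.programId !== SYSTEM_PROGRAM_ID) return null;
  if (ix.data.length < 12 || ix.accounts.length < 2) return null;
  const view = new DataView(ix.data.buffer, ix.data.byteOffset, ix.data.byteLength);
  if (view.getUint32(0, true) !== SYSTEM_TRANSFER_INDEX) return null;
  return { from: ix.accounts[0], to: ix.accounts[1], lamports: view.getBigUint64(4, true) };
}

// Return every SOL transfer whose recipient the user did not expect.
function findUnexpectedTransfers(instructions, allowedRecipients, tradeLamports) {
  const allowed = new Set(allowedRecipients);
  const findings = [];
  instructions.forEach((ix, index) => {
    const t = decodeSystemTransfer(ix);
    if (!t || allowed.has(t.to)) return;
    findings.push({ index, ...t,
      matchesReportedFee: t.lamports === reportedFeeLamports(tradeLamports) });
  });
  return findings;
}

// Constructed sample: placeholders, not real addresses or program IDs.
function transferData(lamports) {
  const buf = new Uint8Array(12);
  const v = new DataView(buf.buffer);
  v.setUint32(0, SYSTEM_TRANSFER_INDEX, true);
  v.setBigUint64(4, lamports, true);
  return buf;
}
const sampleTx = [
  { programId: "SWAP_PROGRAM_PLACEHOLDER", accounts: ["USER_WALLET", "POOL"], data: new Uint8Array([9]) },
  { programId: SYSTEM_PROGRAM_ID, accounts: ["USER_WALLET", "UNKNOWN_WALLET_PLACEHOLDER"],
    data: transferData(reportedFeeLamports(100n * LAMPORTS_PER_SOL)) },
];
console.log(findUnexpectedTransfers(sampleTx, ["USER_WALLET"], 100n * LAMPORTS_PER_SOL));
```

The check only covers direct System Program transfers of SOL; value moved through another program's instruction would need that program's own decoder.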

Malware patterns

Malware remains a growing concern for crypto users. In September, a malware strain called ModStealer was found targeting crypto wallets across Windows, Linux, and macOS through fake job recruiter ads, evading detection by major antivirus engines for almost a month.

Ledger CTO Charles Guillemet has previously warned that attackers had compromised an NPM developer account, with malicious code attempting to silently swap crypto wallet addresses during transactions across multiple blockchains.

© Copyright Cryptodnews 2025-2026 All Rights Reserved.
