Deceptive Chrome Extension Manipulates Solana Transactions

A malicious Chrome extension named Crypto Copilot surreptitiously siphons fees from Solana trades.

The extension lets users trade on Solana directly from their X social media feed, while stealthily extracting a fee from every transaction.

According to a recent report by cybersecurity firm Socket, the extension adds a hidden transfer that siphons a minimum of 0.0013 SOL (or 0.05% of the total trade) from the user’s account into the creator’s wallet.

Under the hood, Crypto Copilot uses the decentralized exchange Raydium to execute trades but includes an extra instruction that diverts SOL from the user to the attacker, while the user is led to believe they are executing a single trade. The interface shows only the swap details, and wallet confirmation prompts obscure the individual instructions of the transaction.

“Users sign what appears to be a single swap, but both instructions execute atomically on-chain,” stated Socket.
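To make the mechanism concrete, here is an added example (not code from Socket's report or from the extension) of a pre-signing check that lists every instruction in a transaction and flags SOL transfers leaving the signer's account for an unexpected recipient. It assumes instructions are already decoded into the shape of Solana RPC `jsonParsed` output; the function names and all addresses are hypothetical placeholders.

```javascript
// Added example: every address and amount below is a constructed placeholder.
const SYSTEM_PROGRAM_ID = "11111111111111111111111111111111";
const LAMPORTS_PER_SOL = 1_000_000_000;

// Flag System Program transfers that move lamports out of the signer's
// account to a destination the user did not explicitly expect.
function findUnexpectedTransfers(instructions, signer, expectedRecipients = []) {
  const allowed = new Set([signer, ...expectedRecipients]);
  const findings = [];
  instructions.forEach((ix, index) => {
    const isTransfer =
      ix.programId === SYSTEM_PROGRAM_ID && ix.parsed?.type === "transfer";
    if (!isTransfer) return;
    const { source, destination, lamports } = ix.parsed.info;
    if (source === signer && !allowed.has(destination)) {
      findings.push({ index, destination, lamports, sol: lamports / LAMPORTS_PER_SOL });
    }
  });
  return findings;
}

// One line per instruction, so a confirmation screen shows the whole
// transaction rather than only the swap.
function describeInstructions(instructions) {
  return instructions.map((ix, i) =>
    ix.parsed
      ? `#${i} ${ix.program}:${ix.parsed.type} ${JSON.stringify(ix.parsed.info)}`
      : `#${i} program ${ix.programId} (undecoded, ${ix.accounts.length} accounts)`
  );
}

// Constructed sample: a swap plus one extra transfer of 0.0013 SOL.
const USER = "USER_WALLET_PLACEHOLDER";
const sampleTx = [
  { programId: "DEX_PROGRAM_PLACEHOLDER", accounts: [USER, "POOL_PLACEHOLDER"], data: "<opaque>" },
  {
    program: "system",
    programId: SYSTEM_PROGRAM_ID,
    parsed: {
      type: "transfer",
      info: { source: USER, destination: "UNKNOWN_RECIPIENT_PLACEHOLDER", lamports: 1_300_000 },
    },
  },
];

console.log(describeInstructions(sampleTx).join("\n"));
console.log(findUnexpectedTransfers(sampleTx, USER));
```

The check covers only top-level System Program transfers; token transfers and transfers performed inside another program's execution are outside its scope.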

Featured image of the Google Chrome extension. Source: Chrome Web Store

Socket has reported the extension to the Chrome Web Store security team for action. The extension was released on June 18, 2024, and reportedly has only 15 active users.

Crypto Copilot markets itself as a convenience tool for Solana traders, allowing immediate swaps without switching between multiple applications.

A Recurring Issue

The vast user base of Google Chrome, alongside its flexible design, has consistently made it a target for crypto-related scams. Earlier this month, Socket revealed that the fourth most popular crypto wallet extension in the Chrome Web Store was unexpectedly draining user funds. In late August, another malicious Chrome extension aimed at stealing from Solana users was detected by the decentralized exchange aggregator Jupiter.

In June 2024, a Chinese trader reportedly lost $1 million to a Chrome plugin named Aggr, which stole cookies and thereby gave hackers access to sensitive accounts, including Binance.
