In brief
Chrome extension Crypto Copilot secretly adds a hidden SOL transfer to every Raydium swap, siphoning fees to an attacker's wallet.
Security platform Socket found the extension uses obfuscated code and a misspelled, inactive backend domain to mask its activity.
On-chain theft remains small so far, but the mechanism scales with trade size, and the extension is still live on the Chrome Web Store.
A Chrome extension marketed as a convenient trading tool has been secretly siphoning SOL from users' swaps since last June, injecting hidden fees into every transaction while masquerading as a legitimate Solana trading assistant.
Cybersecurity firm Socket discovered malware extension Crypto Copilot during “continuous monitoring” of the Chrome Web Store, security engineer and researcher Kush Pandya told
🚨 Socket researchers uncovered a malicious Chrome extension that injects hidden
transfers into Raydium swaps, q...