Malicious Chrome Extension 'Crypto Copilot' Secretly Siphons SOL from Solana Swaps

6 hour ago

Cybersecurity firm Socket uncovered a malicious Google Chrome extension named 'Crypto Copilot' that discreetly steals Solana (SOL) from users during swap transactions. The extension, which has been available since June 18, 2024, markets itself as a tool for executing trades directly from X (formerly Twitter) feeds, routing swaps through the Raydium decentralized exchange.

Socket's report, released on Tuesday, detailed that the extension injects an extra transfer instruction into every Solana swap, siphoning a minimum of 0.0013 SOL or 0.05% of the trade value to the attacker's wallet. This occurs without user awareness, as wallet interfaces like Phantom summarize transactions without displaying individual instructions. Users sign what appears to be a single swap, but both the legitimate swap and the hidden transfer execute atomically on-chain, Socket explained.

The malicious code is heavily obfuscated in JavaScript, making detection difficult, and the extension connects to a backend domain with typos to track activity. Despite its longevity, the Chrome Web Store reports only 15 active users, and Socket has submitted a takedown request. This incident highlights ongoing security risks in browser extensions, following similar warnings about crypto-draining malware in popular Chrome add-ons earlier this year.

SOL Solana $142.13 -0.60%
The malicious extension news creates negative sentiment but with limited impact due to small user base (15 active users) and immediate takedown action. Fundamental damage is contained - this is a security warning rather than protocol failure. Recent institutional inflows ($476M ETF streak) and corporate treasury expansion (Upexi $23M) provide strong bullish counterweight. Short-term may see minor selling pressure from security concerns, but long-term institutional adoption narrative remains intact.
Technical analysis
Technical indicators show mixed signals: RSI at 42-57 across timeframes suggests neutral momentum, while MACD negative on shorter timeframes indicates near-term weakness. Price trading below key EMAs (141.32 vs EMA20 141.69) confirms bearish pressure, though volume remains subdued.
Sources
Malicious Chrome Extension Secretly Steals From Solana Traders
bravenewcoin.com 27.11.2025 20:06
Malware Chrome Extension Secretly Siphoned Fees From Solana Traders for Months
Decrypt 27.11.2025 20:01
Crypto Users Beware: Hidden Virus Threat – Remove Immediately if Installed
Bitcoin Sistemi 27.11.2025 19:21
Top Today
1 hour ago 8 sources
BlockDAG's $438M Presale and Beat Vesting Drive Optimism as Altcoins Face Market Uncertainty
BDAG
CRO +1.03%
DOT +1.10%
ZEC
FIL -1.36%
4 hour ago 5 sources
Black Friday Crypto Presale Bonuses: IPO Genie and LivLive Unleash Massive Token Incentives
IPO
LIVE +100.66%
5 hour ago 6 sources
Smart Money Shifts from Solana to Digitap Amid Black Friday Presale Boom
SOL -0.60%
TAP -2.42%
6 hour ago 8 sources
Malicious Chrome Extension 'Crypto Copilot' Secretly Siphons SOL from Solana Swaps
SOL -0.60%
6 hour ago 5 sources
Mantle and Bybit Integrate USDT0 for Seamless Cross-Chain Stablecoin Flows
USDT
MNT +2.88%
7 hour ago 7 sources
Nexchain Surges in Crypto Presale Rankings with 250% Black Friday Bonus and Active Testnet
NEX
8 hour ago 5 sources
250 Million USDC Minted in Major Stablecoin Injection, Signaling Institutional Activity
USDC -0.01%
BTC +1.59%
ETH +0.43%