Cybersecurity experts have flagged a growing threat in the world of cryptocurrency. A Chrome extension named Crypto Copilot, marketed as a Solana trading assistant, has been secretly siphoning fees from users’ transactions for months. Discovered by the security firm Socket, this extension exposes serious risks for crypto traders leveraging browser-based tools.
The Hidden Threat Behind Crypto Copilot
Crypto Copilot, available on the Chrome Web Store, masks itself as a convenient tool for managing Solana transactions. However, the extension adds an unauthorized hidden transfer instruction to every token swap performed on Raydium, a decentralized exchange built on the Solana blockchain. Each transaction discreetly directs small amounts of Solana (SOL) to an attacker-controlled wallet, costing users funds they never intended to transfer.
According to Socket researchers, the extension extracts at least 0.0013 SOL per transaction or 0.05% of the total trade amount. While this may seem minor, on higher-value swaps, such as 100 SOL (roughly $10,000 at current prices), the exploit could steal a substantial amount, making it a scalable theft model.
How the Malware Evaded Detection
Socket’s analysis revealed that Crypto Copilot utilized aggressive code obfuscation techniques and fake domains to avoid detection. Researchers found:
- A hardcoded Solana wallet address embedded directly in the extension’s transaction logic.
- A misspelled and inactive backend domain designed to mask its true purpose.
- Undisclosed functionality buried within its code, unmentioned on its Chrome Web Store listing.
When unsuspecting users approve token swaps, Crypto Copilot silently appends a hidden fee, executing the malicious transaction alongside the legitimate one.
Why This Is a Warning for Crypto Traders
Browser-based crypto tools often promise convenience, but Crypto Copilot’s case demonstrates the risks involved. Many decentralized exchange users rely on third-party tools for streamlined transactions without realizing the potential vulnerabilities they expose themselves to.
How to Protect Your Wallet
To safeguard your assets, consider the following steps:
- Avoid browser extensions requesting signing permissions: Stick to well-known and open-source tools whenever possible.
- Review transaction instructions: Always verify the details before approving any transaction.
- Use hardware wallets: Devices from trusted brands like Ledger offer added security against such attacks.
- Transfer assets: If you’ve installed suspicious extensions, migrate funds to a clean wallet immediately.
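As an added example (not code from Socket or from the extension), the JavaScript below shows what reviewing a transaction's instructions can look like in practice: it decodes System Program transfers in an already-parsed instruction list and reports any whose recipient is not one of the user's own accounts. The instruction objects, the account names and the list of the user's own accounts are assumptions constructed for illustration.

```javascript
// Added example. All account names below are constructed placeholders.
const SYSTEM_PROGRAM_ID = "1".repeat(32); // Solana System Program address
const SYSTEM_TRANSFER_INDEX = 2;          // System Program "Transfer" instruction

// Encode transfer data the way the System Program expects it:
// u32 little-endian instruction index, then u64 little-endian lamports.
function transferData(lamports) {
  const buf = Buffer.alloc(12);
  buf.writeUInt32LE(SYSTEM_TRANSFER_INDEX, 0);
  buf.writeBigUInt64LE(lamports, 4);
  return [...buf];
}

// Decode one instruction; returns null unless it is a System Program transfer.
function decodeSystemTransfer(ix) {
  if (ix.programId !== SYSTEM_PROGRAM_ID || ix.accounts.length < 2) return null;
  const data = Buffer.from(ix.data);
  if (data.length < 12 || data.readUInt32LE(0) !== SYSTEM_TRANSFER_INDEX) return null;
  return { from: ix.accounts[0], to: ix.accounts[1], lamports: data.readBigUInt64LE(4) };
}

// List SOL transfers whose recipient is not one of the user's own accounts.
function findUnexpectedTransfers(instructions, ownAccounts) {
  const own = new Set(ownAccounts);
  return instructions
    .map((ix, index) => ({ index, transfer: decodeSystemTransfer(ix) }))
    .filter(({ transfer }) => transfer && !own.has(transfer.to))
    .map(({ index, transfer }) => ({ index, ...transfer, sol: Number(transfer.lamports) / 1e9 }));
}

// Constructed 100 SOL swap: wrap SOL, swap, then an extra transfer of 0.05%.
const OWN_ACCOUNTS = ["USER_WALLET", "USER_WSOL_ACCOUNT"];
const SAMPLE_INSTRUCTIONS = [
  { programId: SYSTEM_PROGRAM_ID, accounts: ["USER_WALLET", "USER_WSOL_ACCOUNT"],
    data: transferData(100_000_000_000n) },
  { programId: "SWAP_PROGRAM_PLACEHOLDER", accounts: ["USER_WALLET", "POOL_PLACEHOLDER"],
    data: [9, 0, 0, 0] }, // opaque constructed bytes standing in for the swap
  { programId: SYSTEM_PROGRAM_ID, accounts: ["USER_WALLET", "UNKNOWN_RECIPIENT"],
    data: transferData(50_000_000n) },
];

for (const f of findUnexpectedTransfers(SAMPLE_INSTRUCTIONS, OWN_ACCOUNTS)) {
  console.log(`instruction ${f.index}: ${f.sol} SOL from ${f.from} to ${f.to}`);
}
```

The transfer into the user's own wrapped-SOL account is not reported; only the third instruction, which sends SOL to an account outside the user's list, is.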
Malware schemes targeting cryptocurrencies are on the rise. In recent months, similar threats like ModStealer have targeted wallets across various platforms, showing the adaptability of attackers in this space. Staying vigilant and informed is key to securing your digital assets.
Stay Informed and Safe
Crypto Copilot’s ongoing availability on the Chrome Web Store highlights gaps in security within popular app repositories. While Socket has submitted takedown requests, users must be proactive in detecting and avoiding harmful tools. Prioritize trusted platforms, verify app authenticity, and regularly review your crypto wallet activities to prevent exploitative losses.