BlockBeats News, November 27: According to Cointelegraph, cybersecurity company Socket has discovered a malicious Chrome extension called "Crypto Copilot" that secretly steals funds from users' Solana transactions. The extension lets users conduct Solana transactions directly from the X social media platform, but it injects additional instructions into each transaction to siphon off at least 0.0013 SOL or 0.05% of the transaction amount.
Unlike typical wallet-draining malware, Crypto Copilot executes transactions through the Raydium decentralized exchange and adds a second instruction that transfers SOL to the attacker's wallet. The user interface displays only a transaction summary and hides the individual instructions. Since its release on June 18, 2024, the extension has had only 15 users. Socket has submitted a takedown request to the Chrome Web Store security team. Security experts remind users that the Chrome extension ecosystem, because of its large user base and scalable design, has long been a popular target for cryptocurrency scams.
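Because the summary view hides the individual instructions, a pre-signing check has to walk the instruction list itself. The sketch below is an added example, not code from Socket's report or from the extension: it flags any System Program transfer out of the signer's wallet to a recipient the user did not expect. The instruction object shape, the function names and every address are constructed placeholders.

```javascript
// Added example: audit a decoded Solana transaction for SOL transfers
// the user did not ask for. All addresses below are constructed placeholders.
const SYSTEM_PROGRAM_ID = "11111111111111111111111111111111";
const SYSTEM_TRANSFER_INDEX = 2; // SystemInstruction::Transfer discriminant

// Return the lamport amount if `data` encodes a System Program Transfer
// (u32 LE instruction index followed by u64 LE lamports), otherwise null.
function decodeSystemTransfer(data) {
  if (data.length !== 12) return null;
  const view = new DataView(data.buffer, data.byteOffset, data.byteLength);
  if (view.getUint32(0, true) !== SYSTEM_TRANSFER_INDEX) return null;
  return view.getBigUint64(4, true);
}

// List every transfer out of `signer` whose recipient is not in `expected`.
function findUnexpectedTransfers(instructions, signer, expected) {
  const findings = [];
  instructions.forEach((ix, position) => {
    if (ix.programId !== SYSTEM_PROGRAM_ID) return;
    const lamports = decodeSystemTransfer(ix.data);
    if (lamports === null) return;
    const [from, to] = ix.accounts; // Transfer accounts: [source, destination]
    if (from === signer && !expected.has(to)) {
      findings.push({ position, to, lamports });
    }
  });
  return findings;
}

// Build Transfer instruction data for the constructed sample below.
function transferData(lamports) {
  const data = new Uint8Array(12);
  const view = new DataView(data.buffer);
  view.setUint32(0, SYSTEM_TRANSFER_INDEX, true);
  view.setBigUint64(4, lamports, true);
  return data;
}

// Constructed sample: a swap instruction followed by an appended transfer
// of 1,300,000 lamports (0.0013 SOL) to a recipient the user never chose.
const USER = "UserWalletPlaceholder";
const sampleTx = [
  { programId: "DexProgramPlaceholder", accounts: [USER, "PoolPlaceholder"], data: new Uint8Array([9]) },
  { programId: SYSTEM_PROGRAM_ID, accounts: [USER, "UnknownRecipientPlaceholder"], data: transferData(1_300_000n) },
];

function auditSample() {
  return findUnexpectedTransfers(sampleTx, USER, new Set([USER]));
}

for (const f of auditSample()) {
  console.log(`instruction #${f.position}: ${f.lamports} lamports to ${f.to}`);
}
```

The check covers only the plain Transfer instruction; other ways of moving value out of the wallet would need their own decoders.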