Fake Firefox extensions aim to steal cryptocurrency wallets

- Over 40 fake extensions compromise cryptocurrency wallets
- Criminals use wallet names like MetaMask and Coinbase
- Attacks remain active and threaten Firefox users
Cybersecurity experts have identified more than 40 malicious extensions in the Firefox browser designed to steal cryptocurrency wallet credentials. According to a report released by Koi Security, the criminals behind the operation use the names of popular platforms, such as Coinbase, MetaMask and Trust Wallet, to deceive users and collect sensitive information.
🚨 Watch out, crypto enthusiasts! Over 40 fake Firefox extensions mimicking popular wallets have been found. These phishing scams are after your private keys! Check your extensions and stay safe. 🔐 #CryptoSecurity #PhishingAlert
— ₿itBlitz (@BitBlitz) July 3, 2025
These fake extensions pose as legitimate digital wallet tools and, once installed, secretly extract sensitive data from users, exposing digital assets to theft risks. In addition to the aforementioned, other affected brands include Phantom, Exodus, OKX, MyMonero, Bitget, Leap and Keplr.
According to report , the campaign has been active since at least April 2025, with new malicious extensions being uploaded to the Firefox Add-ons Store as recently as last week. The continued activity suggests a persistent operation, with the ability to adapt and update.
To increase the credibility of the fake extensions, the attackers used fake reviews with five-star ratings. Many of the extensions had hundreds of reviews simulating positive experiences, which increased the likelihood of being installed by unsuspecting users.
Koi Security also found clues that indicate the possible involvement of a Russian-speaking cybercriminal group. Fragments of code with comments written in Russian and metadata extracted from files hosted on the servers used in the operation reinforce this suspicion. “While not conclusive, these artifacts suggest that the campaign may have originated from a Russian-speaking cybercriminal group,” the report states.
The security firm emphasizes that the campaign is ongoing, with active extensions still available in the official store. Cryptocurrency wallet users should be extra careful when installing any add-on in Firefox, checking official sources and the authenticity of the tool.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Tether Reveals Investment in Over 120 Tech Firms

MARA Holdings to raise $850M to buy more Bitcoin and repurchase debt

SEC Meets Citadel to Discuss Tokenization Plans
The SEC held talks with Citadel Securities to explore the future of tokenization in traditional finance.Wall Street & Web3: A Quiet RevolutionTokenization Gains Ground on Wall StreetA Glimpse Into the Future of Finance

Tether Unveils Investment Portfolio with 120+ Companies
Tether reveals its venture portfolio, including 120+ firms like Bitdeer and CityPay, showing its broader push beyond stablecoins.Who’s in the Portfolio?A Broader Vision for Tether
Trending news
MoreCrypto prices
More








