Malicious Chrome extension skims Solana swaps with hidden extra transfers

Source: Cointelegraph

Published: 2025-11-27 14:07

BTC Price: $90895

#SOL #Security #Malware

Analysis

Price Impact

Low

The malicious Chrome extension affects a very small number of users (15 reported) and skims only a small portion of Solana swaps (0.0013 SOL or 0.05% of the trade). This is an isolated user-side security issue, not a fundamental vulnerability in the Solana blockchain, which limits its broader price impact.

Trustworthiness

High

The information comes from a report by a reputable cybersecurity company (Socket) and is covered by Cointelegraph, a well-known crypto news source. The details about the mechanism of the attack are clear and specific.

Price Direction

Neutral

While any security-related news can cause minor FUD, the extremely limited scope of affected users and the nature of the attack (small skimming rather than a full wallet drain or protocol exploit) suggest minimal to no significant bearish pressure on SOL's price. The market is unlikely to react strongly to such a contained incident.

Time Effect

Short

The issue is a Chrome extension, which can be quickly addressed by Google (takedown request already submitted). Given the low user count and the non-systemic nature of the attack, any potential negative sentiment will be very short-lived and unlikely to leave a lasting mark on SOL's price action.

Article Content:

Adrian Zmudzinski

A malicious Chrome extension called Crypto Copilot lets users trade Solana directly from X but secretly skims a small portion of the transaction.

A malicious Google Chrome browser extension is letting users trade on Solana, while quietly skimming a fee from every swap into the creator’s wallet.

According to a Tuesday report by cybersecurity company Socket, the Google Chrome extension allows users to trade on Solana (SOL) from their X social media feed. Unlike typical wallet-draining malware that tries to steal the entire balance, Crypto Copilot “injects an extra transfer into every Solana swap, siphoning a minimum of 0.0013 SOL or 0.05% of the trade,” Socket found.

On the back end, Crypto Copilot uses the decentralized exchange Raydium to perform swaps for the user, but appends a second instruction that transfers SOL from the user to the attacker. The user interface only shows the swap details while wallet confirmation screens “summarize the transaction without surfacing individual instructions.”

“Users sign what appears to be a single swap, but both instructions execute atomically on-chain,” Socket said.

Featured image of the Google Chrome extension. Source: Chrome Web Store

A long-lived operation

Socket noted that it submitted a takedown request for the extension to the Chrome Web Store security team. The malicious extension is relatively long-lived, having been published on June 18, 2024, but the store reports that it only has 15 users at the time of writing.

Crypto Copilot markets itself as a convenience tool allowing Solana traders to execute swaps directly from Twitter. It promises “allowing you to act on trading opportunities instantly without the need for switching between apps or platforms.”

The latest of many malicious Google Chrome extensions

Google Chrome’s massive user base and extensible design have long made its extension ecosystem a target for crypto-focused scams. Earlier this month, Socket warned that the fourth-most-popular crypto wallet extension in the Chrome Web Store was draining user funds. In late August, decentralized exchange aggregator Jupiter said it had identified another malicious Chrome extension that was emptying Solana wallets.

In June 2024, a Chinese trader reportedly lost $1 million after installing a Chrome plugin called Aggr. That extension stole browser cookies to hijack accounts, including access to the trader’s Binance account.
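
The article describes a swap that carries a second instruction moving SOL out of the user's wallet, which confirmation screens do not surface. As an added example (not code from Socket's report or from the article), the check below walks an already-decoded instruction list and reports System Program transfers from the signer to addresses the signer did not approve. The instruction object shape, the helper names and every address are constructed placeholders.

```javascript
// Added example: flag SOL transfers that ride along with a swap.
// Assumption: instructions are already decoded into
// { programId, accounts, data } objects (hypothetical shape).
const SYSTEM_PROGRAM = "11111111111111111111111111111111";
const TRANSFER_INDEX = 2; // System Program "Transfer" instruction index

// Decode a System Program transfer, or return null for anything else.
// Layout: u32 LE instruction index, then u64 LE lamports (12 bytes).
function decodeSystemTransfer(ix) {
  if (ix.programId !== SYSTEM_PROGRAM || ix.data.length !== 12) return null;
  const view = new DataView(ix.data.buffer, ix.data.byteOffset, 12);
  if (view.getUint32(0, true) !== TRANSFER_INDEX) return null;
  const [from, to] = ix.accounts;
  return { from, to, lamports: view.getBigUint64(4, true) };
}

// Return every transfer that moves SOL from the signer to an address
// that is neither the signer nor in the approved set.
function findUnexpectedTransfers(instructions, signer, approved = new Set()) {
  const findings = [];
  instructions.forEach((ix, index) => {
    const t = decodeSystemTransfer(ix);
    if (t && t.from === signer && t.to !== signer && !approved.has(t.to)) {
      findings.push({ index, to: t.to, lamports: t.lamports });
    }
  });
  return findings;
}

// Build transfer instruction data for the constructed sample below.
function transferData(lamports) {
  const data = new Uint8Array(12);
  const view = new DataView(data.buffer);
  view.setUint32(0, TRANSFER_INDEX, true);
  view.setBigUint64(4, lamports, true);
  return data;
}

// Constructed sample: one swap instruction plus one extra transfer
// of 1,300,000 lamports (0.0013 SOL). All addresses are placeholders.
const USER = "UserWalletPlaceholder";
const sampleTx = [
  { programId: "SwapProgramPlaceholder", accounts: [USER, "PoolPlaceholder"], data: new Uint8Array([9, 0, 0]) },
  { programId: SYSTEM_PROGRAM, accounts: [USER, "UnknownRecipientPlaceholder"], data: transferData(1_300_000n) },
];

for (const f of findUnexpectedTransfers(sampleTx, USER)) {
  console.log(`instruction #${f.index}: ${Number(f.lamports) / 1e9} SOL -> ${f.to}`);
}
```

Swaps that wrap native SOL legitimately transfer lamports to the user's own wrapped-SOL token account, so that address belongs in the approved set to avoid a false positive.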