A malicious Chrome extension named Crypto Copilot enables seamless Solana trading directly from social media feeds like X, but it covertly skims a small fee from each transaction. This stealthy malware affects only a handful of users yet highlights ongoing risks in browser extensions. Cybersecurity firm Socket uncovered the scheme, urging immediate caution for Solana traders using Chrome add-ons.
- Key Threat: Crypto Copilot integrates with Raydium DEX to execute trades but injects an unauthorized transfer of at least 0.0013 SOL per swap.
- User Deception: The extension’s interface hides the extra instruction, showing only a single swap while the backend processes two atomic on-chain actions.
- Limited Impact: Published in June 2024, it has just 15 reported users, but its persistence underscores vulnerabilities in Chrome’s extension ecosystem.
The malicious Crypto Copilot Chrome extension is a deceptive tool that promises convenient Solana trading from X feeds. Instead of draining entire wallets like traditional malware, it siphons a minimal 0.05% or 0.0013 SOL from each swap into the attacker’s wallet. According to a report by cybersecurity company Socket, users unknowingly approve dual instructions via Raydium, where the second transfer remains invisible on confirmation screens.
What are the risks of using unverified Chrome extensions for crypto trading?
Unverified Chrome extensions like Crypto Copilot pose severe risks by exploiting browser access to skim funds or steal credentials without detection. Socket’s analysis revealed that this extension, active since June 18, 2024, uses atomic on-chain executions to hide its theft, affecting trades on Solana’s Raydium DEX. With only 15 users reported, its low profile makes it insidious; experts from Socket recommend verifying extensions through official audits and limiting permissions to essential features. In broader context, Chrome’s extension store has seen multiple incidents: in early 2025, a popular wallet extension drained funds, while a late 2024 case involving Jupiter DEX aggregator identified similar Solana wallet emptiers. A June 2024 incident saw a trader lose $1 million via the Aggr plugin, which hijacked accounts through stolen cookies. These patterns emphasize the need for vigilance, as Google Chrome’s vast user base—over 3 billion devices—amplifies scam potential, per data from browser security reports.
Frequently Asked Questions
How does the Crypto Copilot extension steal from Solana swaps without alerting users?
The extension appends a hidden transfer instruction to standard Raydium swaps, executing both atomically on the Solana blockchain. Users see only the primary trade in their interface and a summarized confirmation, masking the skim of 0.0013 SOL or 0.05%. Socket advises reviewing all transaction details before signing to avoid such deceptions.
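A pre-signing check for the pattern described above, written as an added example (not code from Socket's report or from the extension). It assumes the unsigned transaction has already been decoded into the instruction shape Solana's JSON-RPC returns under `jsonParsed` encoding; every address is a constructed placeholder.

```javascript
// Added example. All addresses below are constructed placeholders.
const SYSTEM_PROGRAM = "11111111111111111111111111111111";
const LAMPORTS_PER_SOL = 1_000_000_000;

// Flag System Program transfers that move SOL from `signer` to any
// destination not in `expected` (e.g. the user's own wrapped-SOL account).
// Only the plain "transfer" instruction type is handled here.
function findUnexpectedTransfers(instructions, signer, expected) {
  const allowed = new Set(expected);
  const findings = [];
  instructions.forEach((ix, index) => {
    // Unparsed instructions (such as the DEX swap itself) carry no `parsed` field.
    if (ix.programId !== SYSTEM_PROGRAM || !ix.parsed) return;
    if (ix.parsed.type !== "transfer") return;
    const { source, destination, lamports } = ix.parsed.info;
    if (source !== signer || allowed.has(destination)) return;
    findings.push({ index, destination, lamports: Number(lamports),
                    sol: Number(lamports) / LAMPORTS_PER_SOL });
  });
  return findings;
}

// Constructed sample: a swap with one extra transfer appended after it.
const USER = "UserWalletPlaceholder";
const USER_WSOL = "UserWrappedSolAccountPlaceholder";
const SAMPLE = [
  // Funding the user's own wrapped-SOL account is expected for a SOL swap.
  { programId: SYSTEM_PROGRAM, parsed: { type: "transfer",
      info: { source: USER, destination: USER_WSOL, lamports: 2_600_000_000 } } },
  // The swap instruction (placeholder program id, opaque data).
  { programId: "DexProgramPlaceholder", accounts: [USER, USER_WSOL], data: "..." },
  // The appended transfer that a summarized confirmation screen would not show.
  { programId: SYSTEM_PROGRAM, parsed: { type: "transfer",
      info: { source: USER, destination: "UnknownWalletPlaceholder", lamports: 1_300_000 } } },
];

const findings = findUnexpectedTransfers(SAMPLE, USER, [USER_WSOL]);
for (const f of findings) {
  console.log(`instruction #${f.index}: ${f.sol} SOL -> ${f.destination}`);
}
```

Because both instructions execute atomically, the check has to run on the full instruction list before signing; a swap that shows any finding should be rejected rather than approved.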
Is it safe to trade Solana directly from social media using browser tools?
Yes, if you stick to verified tools from reputable developers, but extensions like Crypto Copilot show why caution is key—always check reviews, permissions, and recent security audits. For Solana trading on platforms like X, use official wallets or apps to minimize risks, as voice assistants like Google Assistant often recommend enabling two-factor authentication for added protection.
Key Takeaways
- Understand Extension Permissions: Crypto Copilot’s access to wallet data allows seamless but risky integrations—review and revoke unnecessary permissions in Chrome settings for safer browsing.
- Verify Before Installing: With only 15 users affected, this extension’s low visibility highlights the importance of checking publication dates and developer transparency; tools like Socket’s scanners can help spot anomalies.
- Enhance Wallet Security: Enable transaction simulations on Solana explorers before approving swaps to detect hidden instructions, providing a proactive shield against evolving malware threats.
In summary, the malicious Crypto Copilot Chrome extension exemplifies the subtle dangers lurking in Solana trading tools, skimming fees through deceptive on-chain manipulations as detailed in Socket’s findings. As crypto ecosystems grow, staying informed about Chrome extension risks and adopting verified security practices remains essential. Traders should prioritize audited wallets and monitor updates from firms like Socket to safeguard their assets moving forward.
