- Discovery of 40 malicious crypto wallet extensions on Firefox plugin store.
- Extensions steal mnemonic phrases via implanted code.
- Security firms urge vigilance against fake extensions.
SlowMist’s Chief Information Security Officer, 23pds, announced on July 3rd, 2025, that Koi Security uncovered over 40 fake cryptocurrency wallet extensions on Firefox’s plugin store, mimicking popular wallets such as MetaMask and Coinbase Wallet.
This discovery underscores the rising threat to crypto wallet security as fake extensions exploit vulnerabilities, emphasizing the need for more stringent oversight.
Discovery of 40 Fraudulent Crypto Wallet Extensions on Firefox
SlowMist Technology’s CISO, 23pds, reported the exposure of over 40 fraudulent crypto wallet extensions on Firefox by security firm Koi. These extensions target well-known wallets like MetaMask and Coinbase Wallet by stealing users’ mnemonic phrases through event listener code. The attack is attributed to a Russian-speaking group.
User security is at heightened risk as these extensions replicate popular wallets to siphon confidential information, sending it back to the attackers. This emphasizes the significance of verifying extension sources to protect mnemonic phrases and funds.
Industry professionals and security experts have responded with caution, urging users to install wallet extensions exclusively from verified sources. 23pds, Chief Information Security Officer, SlowMist Technology, reminded the community to beware of malicious wallet extensions and only use verified sources to protect their mnemonic phrases and funds.
Ongoing Threats in Crypto: Implications and Market Dynamics
Did you know? SlowMist previously identified over $1 million in losses from fake Chrome extensions, pointing to ongoing threats in the crypto landscape.
Currently, Ethereum (ETH) trades at $2,563.79, with a market cap of $309.49 billion and a 24-hour trading volume of $24.58 billion. Prices surged 5.76% in the last 24 hours, reflecting robust market dynamics. Data from CoinMarketCap provides this overview.
Insights from the Coincu research team suggest that this incident could spur regulatory scrutiny and security enhancements in the crypto-extension landscape. Historical precedents and the frequency of similar attacks necessitate greater vigilance.
| DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing. |
Source: https://coincu.com/346549-malicious-wallet-extensions-firefox/