COINOTAG News, citing Cointelegraph, reports a malicious Chrome extension named Crypto Copilot that surreptitiously siphons Solana funds. The extension claims to enable Solana actions from X but secretly injects an instruction diverting at least 0.0013 SOL or 0.05% of the transaction. Unlike typical wallet malware, it leverages the Raydium DEX to execute moves while adding a second instruction to transfer SOL to the attacker’s wallet, with the UI showing only a summary.
Since its June 18, 2024 release, the extension has drawn only about 15 reported users. Socket filed a takedown request with the Chrome Web Store security team, highlighting ongoing risk from malicious add-ons.
To readers, vet extensions rigorously, review requested permissions, and transact only through trusted interfaces. Do not authorize wallet actions via browser add-ons, and enable security controls provided by browsers and wallets. This incident underscores the need for proactive collaboration between platforms to deter fraud.