BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Chrome extension steals MEXC API keys, enables theft online.

  • A malicious Chrome extension named MEXC API Automator (ID: pppdfgkfdemgfknfnhpkibbkabhghhfh) steals newly created API keys with withdrawal rights from MEXC accounts.
  • The extension creates API keys inside an authenticated browser session, enables withdrawals, hides that permission in the UI, and sends keys to a hard-coded Telegram bot.
  • The add-on was published on September 1, 2025, has 29 downloads, and remained listed on the Chrome Web Store at the time of reporting.
  • Researchers warn the technique can be adapted to other exchanges and web consoles that issue tokens in-session.

On Jan. 13, 2026, researchers reported that a Chrome extension called MEXC API Automator (ID: pppdfgkfdemgfknfnhpkibbkabhghhfh) targets accounts on MEXC, a centralized crypto exchange available in over 170 countries (details). The extension was first published on September 1, 2025, by a developer using the handle “jorjortan142” and had 29 downloads.

- Advertisement -

Socket security researcher Kirill Boychenko described the extension’s behavior: “The extension programmatically creates new MEXC API keys, enables withdrawal permissions, hides that permission in the user interface (UI), and exfiltrates the resulting API key and secret to a hardcoded Telegram bot controlled by the threat actor.” The extension listing itself claims it “simplifies connecting your trading bot to the MEXC exchange.”

When a user visits the exchange’s API management page (/user/openapi), the add-on injects a content script that generates an API key, flips the withdrawal permission on, tampers with the UI to appear disabled, extracts the Access Key and Secret Key, and posts them to a hard-coded Telegram bot. The exfiltration uses an HTTPS POST request.

Attackers who receive valid API keys can execute trades and initiate withdrawals from any MEXC account accessed in the compromised browser. The keys remain usable until revoked, so access can persist even after the extension is uninstalled.

The developer handle links to an X account that promotes a Telegram bot named SwapSushiBot and appears on social channels such as TikTok and a YouTube channel. Socket warned the same approach could be adapted to other exchanges, DeFi dashboards, and broker portals.

- Advertisement -

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

FatFs Flaws Let Malicious Media Hijack Millions of Devices

Seven vulnerabilities (CVE-2026-6682 to CVE-2026- 6688) were found in the widely used FatFs filesystem library,...

Saylor Rage-Quits Channel 4 Over Bitcoin Grilling

Michael Saylor ended a Channel 4 interview by accusing the reporter of being offensive...

Linux ‘Bad Epoll’ Bug Grants Any User Root Access

A critical Linux kernel flaw, Bad Epoll (CVE-2026-46242), allows a standard user to gain...

Crypto Bill Fails to Meet White House July 4 Deadline

The White House will miss its July 4 deadline for passing a cryptocurrency market...

Alphabet Undervalued Despite Record Growth, AI Push

Alphabet (GOOGL) stock is deemed undervalued despite record revenue and strong AI positioning, trading...

Must Read

Ethereum Hosting: TOP 10 Companies to Buy Hosting With Ethereum

If you are looking for Ethereum Hosting, you've hit the jackpot. In this article, we will present the 10 Best companies to buy hosting...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading