- A Chrome extension named Crypto Copilot injects hidden Solana token (SOL) transfers during swaps, diverting funds to an attacker’s wallet.
- The extension was published on the Chrome Web Store on May 7, 2024, and remains available with at least 12 installs.
- It targets Raydium, a decentralized exchange on the Solana blockchain, by modifying swap transactions with stealth fees.
- The hidden fee ranges from a minimum of about $0.03 to 2.6 SOL (~$100) plus 0.05% of the swap amount, sent to a hardcoded wallet.
- The extension uses code obfuscation and legitimate crypto services to avoid detection and appear trustworthy.
A malicious browser extension called Crypto Copilot has been found on the Chrome Web Store injecting unnoticed Solana (SOL) transfers into swap transactions. Discovered by cybersecurity researchers, the extension diverts cryptocurrency to an attacker-controlled wallet during user trades. It was published on May 7, 2024, by a user named “sjclark76” and currently has 12 installs.
Crypto Copilot targets swaps made via Raydium, a decentralized exchange (DEX) and automated market maker on the Solana blockchain. The extension adds a hidden transfer using the SystemProgram.transfer method, which silently sends funds to a hardcoded wallet before the user signs the transaction. The fee is a minimum of 0.0013 SOL (approx. $0.03) or 0.05% of the swap amount, increasing to 2.6 SOL (~$100) plus 0.05% for larger trades.
The extension employs obfuscated and minified code to hide its activities and evade detection. Despite its malicious intent, Crypto Copilot interacts with legitimate services like DexScreener and Helius RPC to appear authentic. It also communicates with two backend domains, “crypto-coplilot-dashboard.vercel[.]app” and “cryptocopilot[.]app,” neither of which hosts a genuine product.
Socket security researcher Kush Pandya noted that users are unaware of these hidden fees as the user interface only displays standard swap details. As stated in the Socket report, the extension silently siphons a minimum of 0.0013 SOL or 0.05% from each swap to a personal wallet rather than a protocol treasury, making detection difficult without thorough transaction inspection.
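The transaction inspection mentioned above can be automated before signing by listing every System Program transfer that leaves the user's wallet for an unknown recipient. The JavaScript below is an added example, not code from the Socket report or the extension; it assumes the instructions have already been decoded into a hypothetical {programId, keys, data} shape, and every address except the System Program ID is a placeholder.

```javascript
// System Program address: 32 '1' characters in base58.
const SYSTEM_PROGRAM_ID = "1".repeat(32);
const SYSTEM_TRANSFER_INDEX = 2; // SystemInstruction::Transfer

// Decode a System Program transfer (u32 LE index + u64 LE lamports).
// Returns null for any other instruction.
function decodeSystemTransfer(ix) {
  if (ix.programId !== SYSTEM_PROGRAM_ID) return null;
  if (ix.data.length !== 12 || ix.keys.length < 2) return null;
  const view = new DataView(ix.data.buffer, ix.data.byteOffset, ix.data.byteLength);
  if (view.getUint32(0, true) !== SYSTEM_TRANSFER_INDEX) return null;
  return { from: ix.keys[0], to: ix.keys[1], lamports: view.getBigUint64(4, true) };
}

// List SOL transfers out of `wallet` to recipients not in `expected`.
// `expected` holds destinations the user knows about, e.g. their own
// wrapped-SOL token account, which a legitimate swap may fund.
function findUnexpectedTransfers(instructions, wallet, expected = new Set()) {
  return instructions
    .map(decodeSystemTransfer)
    .filter((t) => t && t.from === wallet && t.to !== wallet && !expected.has(t.to));
}

// Build transfer instruction data for the constructed sample below.
function transferData(lamports) {
  const buf = new Uint8Array(12);
  const view = new DataView(buf.buffer);
  view.setUint32(0, SYSTEM_TRANSFER_INDEX, true);
  view.setBigUint64(4, lamports, true);
  return buf;
}

// Constructed sample (placeholder addresses): a swap instruction followed
// by an extra transfer of 1,300,000 lamports (0.0013 SOL).
const USER = "USER_WALLET_PLACEHOLDER";
const sampleSwapTx = [
  { programId: "DEX_PROGRAM_PLACEHOLDER", keys: [USER, "POOL_PLACEHOLDER"],
    data: new Uint8Array([9, 0, 0]) },
  { programId: SYSTEM_PROGRAM_ID, keys: [USER, "UNKNOWN_RECIPIENT_PLACEHOLDER"],
    data: transferData(1300000n) },
];

for (const t of findUnexpectedTransfers(sampleSwapTx, USER)) {
  console.log(`unexpected transfer: ${t.lamports} lamports -> ${t.to}`);
}
```

For versioned transactions, account keys loaded through address lookup tables must be resolved before this check, otherwise the recipient comparison runs on incomplete data.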
Despite the risks, the extension remains available on the Chrome Web Store and continues to exploit users conducting Solana token swaps.
