- Safery: Ethereum Wallet is a malicious Chrome extension designed to steal crypto seed phrases.
- It covertly encodes seed phrases into fake blockchain addresses and sends microtransactions to expose users’ private data.
- The extension ranks fourth in Google Chrome search results for “Ethereum Wallet,” alongside legitimate wallets.
- Users creating or importing wallets through the extension risk immediate fund theft as scammers reconstruct their seed phrases.
- Warning signs include zero reviews, grammatical errors, no official website, and developer contact via Gmail.
A new crypto wallet extension named Safery: Ethereum Wallet on Google’s Chrome Web Store has been identified as a security threat that steals users’ seed phrases. The extension, which claims to provide secure Ethereum asset management, uses a hidden mechanism to send sensitive data to attackers. This issue was detailed in a recent report by Socket.
The extension secretly encodes BIP-39 mnemonic seed phrases into synthetic blockchain addresses on the Sui network and broadcasts microtransactions to these addresses. These transactions appear normal but allow the threat actor to recover the original seed phrases and access wallets. According to the report, “By decoding the recipients, the threat actor reconstructs the original seed phrase and can drain affected assets. The mnemonic leaves the browser concealed inside normal-looking blockchain transactions.”
Safery: Ethereum Wallet appears as the fourth result when users search for “Ethereum Wallet” on the Chrome Web Store, trailing behind well-known options like MetaMask, Wombat, and Enkrypt. Users can either create new wallets or import existing ones, both of which expose their seed phrases to the attackers immediately.
If a new wallet is created, the seed phrase is sent to the scammers right away through the encoded Sui transactions, allowing instant access to funds. In cases where users import an existing wallet, their entered seed phrase is similarly transmitted to the threat actor. The extension performs these actions using a hardcoded cryptographic key controlled by the attacker.
Several indicators signal the extension’s illegitimacy, such as zero user reviews, limited branding, grammatical errors, no official website, and a developer contact listed as a Gmail address. Users are advised to thoroughly research blockchain tools, exercise caution with seed phrases, and prefer trusted wallet options. Monitoring wallet transactions closely is also recommended, as even minor, unexpected blockchain transactions may indicate fraudulent activity.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Blue Origin’s New Glenn Launches NASA Mars Satellites, Booster Lands
- Blue Origin’s New Glenn Booster Lands on Ocean Barge Successfully
- Tesla Shares Drop 6% After Elon Musk’s $1T Bonus Approval
- MoonPay launches multi-chain stablecoin suite with M0 integration
- Michael Saylor Predicts Bitcoin Will Surpass Gold by 2035
