Back
Malicious Chrome Extension ‘Crypto Copilot’ Found Diverting Solana Funds

Malicious Chrome Extension ‘Crypto Copilot’ Found Diverting Solana Funds

Cybersecurity firm Socket warns that a Chrome extension posing as a Solana trading assistant siphoned fees from Raydium swaps, prompting user asset migration to secure wallets.

SOL
RAY

Fact Check
The evidence overwhelmingly supports the statement's truthfulness. Multiple high-authority sources from cybersecurity news, crypto-focused media, and IT trade publications directly and consistently report that a Chrome extension named 'Crypto Copilot' was designed to maliciously divert Solana funds. These sources are in complete agreement on the name of the extension and its function, which involved injecting hidden transfer fees or siphoning funds during transactions. The credibility of these reports is significantly strengthened by the fact that several of them attribute the discovery to a specific security firm, Socket. Further corroboration comes from a scam alert on the Binance platform and a contextual threat intelligence post, which both confirm the existence of malicious Chrome extensions targeting Solana users. There is no conflicting evidence among the relevant sources; the few irrelevant sources provided do not pertain to the specific claim. The consistency and high authority of the supporting evidence lead to a high confidence assessment.
Summary

A malicious Chrome extension named 'Crypto Copilot' has been found to covertly siphon fees from Solana trades executed via the Raydium decentralized exchange. Flagged by cybersecurity firm Socket, the tool injected hidden transfer instructions into every swap, diverting either 0.0013 SOL or 0.05% of trade volume to an attacker-controlled wallet. Available on the Chrome Web Store since June, the extension used obfuscated transaction logic that made deductions invisible to users signing bundled transactions. While on-chain evidence suggests the attacker collected only small amounts so far, larger trades faced proportionally higher losses. Socket submitted a takedown request to Google and advised affected users to move assets to fresh wallets.

Terms & Concepts
  • Solana: A high-performance blockchain platform supporting decentralized applications and crypto transactions at low cost.
  • Raydium DEX: A decentralized exchange built on Solana that enables trades and liquidity provision without intermediaries.
  • Chrome Extension: A small software program that customizes and enhances the Chrome browser’s functionality.