Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps
Nov 26, 2025
Browser Security / Cryptocurrency
Cybersecurity researchers have discovered a new malicious extension on the Chrome Web Store that's capable of injecting a stealthy Solana transfer into a swap transaction and transferring the funds to an attacker-controlled cryptocurrency wallet. The extension, named Crypto Copilot , was first published by a user named "sjclark76" on May 7, 2024. The developer describes the browser add-on as offering the ability to "trade crypto directly on X with real-time insights and seamless execution." The extension has 12 installs and remains available for download as of writing. "Behind the interface, the extension injects an extra transfer into every Solana swap, siphoning a minimum of 0.0013 SOL or 0.05% of the trade amount to a hardcoded attacker-controlled wallet," Socket security researcher Kush Pandya said in a Tuesday report. Specifically, the extension incorporates obfuscated code that comes to life when a user performs a Raydium swap, manipulatin...
