Malicious Chrome extension skims Solana swaps with hidden extra transfers

Overview

A malicious Chrome extension known as Crypto Copilot has been discovered to target users trading Solana. This extension facilitates trades directly from X but operates under deceptive practices, skimming a small portion of each transaction without users’ knowledge.

What Happened

The Crypto Copilot extension is designed to allow users to trade Solana seamlessly. However, it includes hidden mechanisms that siphon off a fraction of the transaction amount. This practice raises serious concerns about the security and integrity of trading platforms and tools, particularly those that integrate with popular web browsers like Chrome.

Why It Matters

The emergence of this malicious extension highlights the vulnerabilities that can exist within decentralized finance (DeFi) ecosystems. Users may unknowingly expose themselves to risks when using third-party tools that lack transparency. The situation underscores the need for caution among users who engage in trading activities, especially when utilizing extensions that interact with their crypto wallets.

Impact on the crypto market

• Increased awareness of security risks associated with browser extensions in the crypto space.
• Potential decline in user trust towards third-party trading tools and extensions.
• Heightened scrutiny of the development and distribution of crypto-related software.
• Possible calls for improved security measures and guidelines for users in the DeFi sector.
• Potential impact on the volume of Solana transactions as users reassess their trading practices.

Updated: 11/28/2025, 10:26:42 AM