Malicious Chrome Extension Exposed for Adding Secret SOL Fees Into Raydium Swaps
2025-11-26 23:45
A fresh security warning has emerged for Solana traders after researchers uncovered a Chrome extension that secretly adds extra fees to user swaps. The extension, called Crypto Copilot, promotes fast trading directly from social media feeds. However, investigators found that it quietly inserts a hidden SOL transfer into each Raydium swap. Consequently, unsuspecting users lose a portion of their assets without any on-screen indication. This discovery raises broader concerns about browser-based trading tools and alerts traders to the risks associated with extensions that require broad signing permissions. Researchers Reveal Concealed Transfer Logic Socket’s Threat Research Team identified the behavior during a review of suspicious extensions linked to Solana activity. The extension appeared legitimate at first glance because it connects to well-known wallets and displays token data from DexScreener. However, researchers noticed that every swap generated two instructions instead of one. The extension builds the correct Raydium swap. It then appends...
