Acquista cryptoMercatiSpotFuturesGOLDEarnCentro eventi
Altro
Gold vs Crypto
The post Solana Users Face Hidden SOL Fees from Malicious Chrome Extension appeared on BitcoinEthereumNews.com. Crypto Copilot malware has been secretly draining SOL from users’ wallets since June 2025 by injecting hidden transfer instructions into Raydium swaps. Cybersecurity firm Socket uncovered this threat, revealing how the Chrome extension extracts at least 0.0013 SOL or 0.05% per trade without user knowledge. Immediate removal and transaction vigilance are essential to protect Solana assets. Cybersecurity researchers at Socket identified the malicious extension during routine Chrome Web Store monitoring. The extension appends undisclosed SOL transfers to every swap, scaling fees based on trade size for maximum extraction. Over 0.0013 SOL minimum or 0.05% of larger trades have been siphoned, with total funds to date remaining modest due to limited adoption. What is the Crypto Copilot Malware? The Crypto Copilot malware is a deceptive Chrome browser extension posing as a Solana trading assistant that has been active since June 2025. It injects hidden transaction instructions into Raydium swaps, silently transferring SOL to an attacker-controlled wallet. Users remain unaware as the interface masks the extra fee, emphasizing the need for caution with third-party trading tools. How Does Solana Hidden Fees Work in This Extension? Solana hidden fees in the Crypto Copilot extension operate through obfuscated code that appends a secondary transfer to legitimate swap instructions on Raydium, a leading Solana decentralized exchange. For trades under 2.6 SOL, a flat 0.0013 SOL fee applies; larger swaps incur 0.05% of the amount, potentially costing $10 on a 100 SOL trade at current prices. Security engineer Kush Pandya from Socket explained, “Aggressive code obfuscation and hardcoded attacker addresses were key red flags our AI scanner detected, leading to confirmation of the fee mechanism.” This structure evades user detection, as wallet pop-ups show only the primary swap details, while both instructions execute on-chain simultaneously. The report highlights that such browser extensions combining social features with… The post Solana Users Face Hidden SOL Fees from Malicious Chrome Extension appeared on BitcoinEthereumNews.com. Crypto Copilot malware has been secretly draining SOL from users’ wallets since June 2025 by injecting hidden transfer instructions into Raydium swaps. Cybersecurity firm Socket uncovered this threat, revealing how the Chrome extension extracts at least 0.0013 SOL or 0.05% per trade without user knowledge. Immediate removal and transaction vigilance are essential to protect Solana assets. Cybersecurity researchers at Socket identified the malicious extension during routine Chrome Web Store monitoring. The extension appends undisclosed SOL transfers to every swap, scaling fees based on trade size for maximum extraction. Over 0.0013 SOL minimum or 0.05% of larger trades have been siphoned, with total funds to date remaining modest due to limited adoption. What is the Crypto Copilot Malware? The Crypto Copilot malware is a deceptive Chrome browser extension posing as a Solana trading assistant that has been active since June 2025. It injects hidden transaction instructions into Raydium swaps, silently transferring SOL to an attacker-controlled wallet. Users remain unaware as the interface masks the extra fee, emphasizing the need for caution with third-party trading tools. How Does Solana Hidden Fees Work in This Extension? Solana hidden fees in the Crypto Copilot extension operate through obfuscated code that appends a secondary transfer to legitimate swap instructions on Raydium, a leading Solana decentralized exchange. For trades under 2.6 SOL, a flat 0.0013 SOL fee applies; larger swaps incur 0.05% of the amount, potentially costing $10 on a 100 SOL trade at current prices. Security engineer Kush Pandya from Socket explained, “Aggressive code obfuscation and hardcoded attacker addresses were key red flags our AI scanner detected, leading to confirmation of the fee mechanism.” This structure evades user detection, as wallet pop-ups show only the primary swap details, while both instructions execute on-chain simultaneously. The report highlights that such browser extensions combining social features with…

Solana Users Face Hidden SOL Fees from Malicious Chrome Extension

Autore: BitcoinEthereumNews
Fonte: BitcoinEthereumNews
2025/11/28 07:18
3 min di lettura
Solana
SOL$90,36+4,69%
Polytrade
TRADE$0,04079+0,51%
Ambire Wallet
WALLET$0,01+4,38%
Per feedback o dubbi su questo contenuto, contattateci all'indirizzo crypto.news@mexc.com.

Crypto Copilot malware has been secretly draining SOL from users’ wallets since June 2025 by injecting hidden transfer instructions into Raydium swaps. Cybersecurity firm Socket uncovered this threat, revealing how the Chrome extension extracts at least 0.0013 SOL or 0.05% per trade without user knowledge. Immediate removal and transaction vigilance are essential to protect Solana assets.

  • Cybersecurity researchers at Socket identified the malicious extension during routine Chrome Web Store monitoring.
  • The extension appends undisclosed SOL transfers to every swap, scaling fees based on trade size for maximum extraction.
  • Over 0.0013 SOL minimum or 0.05% of larger trades have been siphoned, with total funds to date remaining modest due to limited adoption.

What is the Crypto Copilot Malware?

The Crypto Copilot malware is a deceptive Chrome browser extension posing as a Solana trading assistant that has been active since June 2025. It injects hidden transaction instructions into Raydium swaps, silently transferring SOL to an attacker-controlled wallet. Users remain unaware as the interface masks the extra fee, emphasizing the need for caution with third-party trading tools.

How Does Solana Hidden Fees Work in This Extension?

Solana hidden fees in the Crypto Copilot extension operate through obfuscated code that appends a secondary transfer to legitimate swap instructions on Raydium, a leading Solana decentralized exchange. For trades under 2.6 SOL, a flat 0.0013 SOL fee applies; larger swaps incur 0.05% of the amount, potentially costing $10 on a 100 SOL trade at current prices. Security engineer Kush Pandya from Socket explained, “Aggressive code obfuscation and hardcoded attacker addresses were key red flags our AI scanner detected, leading to confirmation of the fee mechanism.” This structure evades user detection, as wallet pop-ups show only the primary swap details, while both instructions execute on-chain simultaneously. The report highlights that such browser extensions combining social features with signing permissions amplify risks, with the extension’s domain parked and backend showing suspicious placeholders.

Frequently Asked Questions

How Can I Tell If I’ve Installed the Crypto Copilot Extension?

Check your Chrome extensions list for “Crypto Copilot” and verify its ID against known malicious reports from Socket’s analysis. If installed since June 2025 and used for Raydium swaps, review your Solana wallet transaction history for unexplained small SOL outflows to unfamiliar addresses. Uninstall immediately and scan your device to prevent further exposure.

What Should Solana Users Do to Avoid Hidden Swap Fees?

To dodge hidden swap fees on Solana, always inspect transaction details before signing, especially with browser extensions. Stick to verified, open-source tools and avoid those requesting broad wallet permissions. If compromised, transfer assets to a new wallet and enable multi-factor authentication for enhanced security against evolving malware threats.

Key Takeaways

  • Malicious Extensions Pose Real Risks: Crypto Copilot demonstrates how seemingly helpful tools can embed hidden SOL transfers, underscoring the dangers of unvetted browser add-ons in crypto trading.
  • Early Detection Saved Potential Losses: Socket’s AI monitoring flagged obfuscated code and discrepancies, limiting the attacker’s haul to small amounts despite months of operation.
  • Proactive Steps for Users: Regularly audit extensions, review on-chain transactions, and migrate to secure wallets to mitigate similar Solana threats moving forward.

Conclusion

The discovery of the Crypto Copilot malware highlights ongoing vulnerabilities in Solana trading tools, where hidden fees can erode user funds without detection. As cybersecurity firms like Socket continue to expose such threats through diligent monitoring, crypto enthusiasts must prioritize transaction verification and tool vetting. Stay informed and adopt secure practices to navigate the evolving landscape of digital asset security with confidence.

Word count: 728

Source: https://en.coinotag.com/solana-users-face-hidden-sol-fees-from-malicious-chrome-extension

Opportunità di mercato
Logo Solana
Valore Solana (SOL)
$90,37
$90,37$90,37
+0,47%
USD
Grafico dei prezzi in tempo reale di Solana (SOL)
Disclaimer: gli articoli ripubblicati su questo sito provengono da piattaforme pubbliche e sono forniti esclusivamente a scopo informativo. Non riflettono necessariamente le opinioni di MEXC. Tutti i diritti rimangono agli autori originali. Se ritieni che un contenuto violi i diritti di terze parti, contatta crypto.news@mexc.com per la rimozione. MEXC non fornisce alcuna garanzia in merito all'accuratezza, completezza o tempestività del contenuto e non è responsabile per eventuali azioni intraprese sulla base delle informazioni fornite. Il contenuto non costituisce consulenza finanziaria, legale o professionale di altro tipo, né deve essere considerato una raccomandazione o un'approvazione da parte di MEXC.

Potrebbe anche piacerti

South Korea’s $657 Million Exit from Tesla Signals a Big Crypto Pivot

South Korea’s $657 Million Exit from Tesla Signals a Big Crypto Pivot

In a dramatic shift in investment patterns, South Korean retail investors withdrew $657 million from Tesla stock in August 2025, representing the largest monthly outflow in more than two years. At the same time, by mid-2025, they had shifted more than $12 billion into U.S.-listed companies tied to cryptocurrency, indicating a deepening preference for digital […]
Condividi
Tronweekly2025/09/18 14:00
MetaMask to Launch Its Token Sooner Than Expected, Says ConsenSys CEO

MetaMask to Launch Its Token Sooner Than Expected, Says ConsenSys CEO

The post MetaMask to Launch Its Token Sooner Than Expected, Says ConsenSys CEO appeared first on Coinpedia Fintech News MetaMask, the world’s leading Web3 wallet and gateway to decentralized apps, is gearing up to launch its own token. In a recent interview, Consensys CEO and Ethereum co-founder Joe Lubin revealed that a MetaMask token could be launched much earlier than people think, sparking excitement among users and investors who have long been waiting for …
Condividi
CoinPedia2025/09/19 12:56
How is the xStocks tokenized stock market developing?

How is the xStocks tokenized stock market developing?

Author: Heechang Compiled by: TechFlow xStocks offers a tokenized stock service, allowing investors to trade tokenized versions of popular US stocks like Tesla in real time. While still in its early stages, it’s already showing some interesting signs of growth. Observation 1: Trading is concentrated in Tesla (TSLA) As in many emerging markets, trading activity has quickly concentrated on a handful of stocks. Data shows a high concentration of trading volume in the most well-known and volatile stocks, with Tesla being the most prominent example. This concentration is not surprising: liquidity tends to accumulate in assets that retail investors already favor, and early adopters often use familiar high-beta stocks to test new infrastructure. Observation 2: Liquidity decreases on weekends Data shows that on-chain equity trading volume drops to 30% or less of weekday levels over the weekend. Unlike crypto-native assets, which trade seamlessly around the clock, tokenized stocks still inherit the behavioral inertia of traditional market trading hours. Traders appear less willing to trade when reference markets (such as Nasdaq and the New York Stock Exchange) are closed, likely due to concerns about arbitrage, price gaps, and the inability to hedge positions off-chain. Observation 3: Prices move in line with the Nasdaq Another key signal comes from pricing behavior during the initial launch period. Initially, xStocks tokens traded at a significant premium to their Nasdaq counterparts, reflecting market enthusiasm and potential friction in bridging fiat liquidity. However, these premiums gradually diminished over time. Current trading patterns show that the token price is at the upper limit of Tesla's intraday price range and is highly consistent with the Nasdaq reference price. Arbitrageurs appear to be maintaining this price discipline, but there are still small deviations from the intraday highs, indicating some market inefficiencies that may present opportunities and risks for active traders. New opportunities for Korean stock investors? South Korean investors currently hold over $100 billion in US stocks, with trading volume increasing 17-fold since January 2020. Existing infrastructure for South Korean investors to trade US stocks is limited by high fees, long settlement times, and slow cash-out processes, creating opportunities for tokenized or on-chain mirror stocks. As the infrastructure and platforms supporting on-chain US stock markets continue to improve, a new group of South Korean traders will enter the crypto market, which is undoubtedly a huge opportunity.
Condividi
PANews2025/09/18 08:00