Solana Chrome extension 'Crypto Copilot' dey secretly divert funds from Raydium swaps

Published: 2025-11-28 07:37:28 |

Crypto Copilot, one bad Chrome extension wey dey target Solana users, dem find say e dey insert hidden SystemProgram.transfer instruction inside Raydium swap transactions wey dey divert small part of each trade go attacker‑controlled address. Security firm Socket analysis show say the extension dey take about 0.05% of each swap (minimum ~0.0013 SOL) by appending hidden transfer to the on‑chain payload while the extension UI dey show only the main swap. The extension do code obfuscation (minification and rename variables) and e dey phone home to backend dashboard (crypto-coplilot-dashboard.vercel.app) to register wallets and report activity. E bin publish for Chrome Web Store mid‑2024, Crypto Copilot get low installs but e show stealth siphoning technique wey fit cause serious cumulative losses for traders wey dey trade often. Traders suppose verify extension authenticity, inspect all transaction instructions for wallet confirmation before approve, remove unfamiliar browser extensions, and follow security researchers’ advisories. Keywords: Solana extension, Crypto Copilot, hidden transfer, Raydium, SystemProgram.transfer, wallet security.

Bearish

Di exploit dey target Solana (SOL) swaps directly, e dey siphon small percentage from every trade. Even though per‑swap amount (≈0.05% or ≥0.0013 SOL) small, frequent traders and high‑volume users fit suffer accumulated losses. Immediate market reaction for SOL go likely negative but limited: low install numbers and small size of each theft dey reduce systemic risk, so price impact for short term suppose be modest as confidence dey drop among users of browser‑based tools. Long term, repeated incidents of malicious extensions go increase perceived custodial/UX risk around Solana dApps and browser tooling, we fit suppress on‑chain swap volume and put downward pressure on SOL demand among retail traders. Overall: short‑term modest bearish sentiment driven by security concerns and possible reduction in trading activity; long‑term risk depend on responses from marketplaces, wallet UIs, and extension stores to mitigate such attacks.