A Chrome extension designed to help people trade on Solana has been exposed for secretly draining users’ funds. The tool, called Crypto Copilot, has reportedly been siphoning money from wallets since mid-2024.
Here’s how the scam works. When you make a swap through the extension, it shows you the main transaction on your confirmation screen. But what it doesn’t show is a hidden instruction buried in the code that transfers 0.05% of your trade, or at least 0.0013 SOL, to the attacker’s wallet. Socket’s cybersecurity team discovered the whole thing.
The extension markets itself as a tool for instant Solana trading right from X, formerly Twitter. But behind the scenes it’s using obfuscated code and minified variables to hide what it’s really doing. Every transaction goes through Raydium, and the extension just slips in that extra transfer instruction that most people never notice.
Socket says the extension connects to a backend server that tracks wallets, monitors activity, and logs referral data. There’s supposedly a dashboard at cryptocopilot.app, but it’s not even functional, which is a huge red flag for any legitimate platform.
The losses might seem small per transaction, but for frequent traders they add up fast. Socket is warning everyone to verify extensions carefully and actually read transaction details before approving anything.
Conclusion
The Crypto Copilot incident exposes critical vulnerabilities in browser-based crypto tools, reminding users that even convenient trading extensions require thorough verification before trusting them with wallet access.
Also Read: Vitalik Buterin Donates ETH
