Hacker Group Deploys 40 Fake Crypto Wallet Extensions on Firefox

A Russian-speaking hacker group has deployed over 40 fake crypto wallet extensions on Firefox since at least April 2025. These malicious plug-ins target mainstream wallets such as MetaMask and CoinbaseCOIN-- Wallet. The impersonation of wallet brands on Firefox exposes users to credential theft, posing significant risks for crypto holders. Despite evident malicious activity, numerous fake extensions remain downloadable, challenging automated detection systems.

Security company identified over 40 fraudulent crypto wallet extensions on Firefox, targeting recognized wallet platforms like MetaMask. Implications for crypto users include potential theft of mnemonic phrases, giving hackers access to associated assets. Though some user reviews have exposed these scams, the download volumes remain unusually high. The hacker's method involves mimicking legitimate brands and boosting credibility through fake five-star reviews. Mozilla acknowledges the challenge in removing these fraudulent extensions due to high volumes overwhelming their automated systems.

There is currently no comment from major leaders in the crypto industry or Mozilla regarding these incidents. However, Mozilla elaborated on its blog the human review process once fraud is flagged. The attack primarily involves the theft of mnemonic phrases, which can facilitate unauthorized access to wallets. Victims may face irreversible asset loss due to such breaches. "If a wallet extension reaches a certain risk threshold, human reviewers are alerted to take a deeper look. If found to be malicious, the scam extensions are blocked immediately.”

Similar fake wallet extension attacks in past years resulted in losses exceeding millions, underscoring a continuous threat to crypto safety. Experts suggest the ongoing infiltration by hackers could pressurize digital assetDAAQ-- regulations and security enhancements across platforms. Verifying extension sources remains vital in maintaining crypto asset safety.