Malicious Chrome Extensions Undermine Solana's DeFi Growth: A Cybersecurity Crisis in the Making

Generated by AI agent Carina Rivas. Reviewed by AInvest News Editorial Team
Thursday, November 27, 2025, 4:08 pm ET. 3 min read
The rise of decentralized finance (DeFi) has positioned Solana as a dominant force in the blockchain ecosystem, boasting record total value locked and an 81% share of decentralized exchange (DEX) transactions in 2024. However, this rapid growth is now under threat from a stealthy new vector of cyberattacks: malicious Chrome extensions designed to exploit user trust and siphon funds from Solana-based traders. As these browser-based threats grow in sophistication, they risk eroding the very confidence that has fueled Solana's ascent.

The Rise of Malicious Extensions: Crypto Copilot and Bull Checker

In June 2024, a seemingly innocuous Chrome extension named Crypto Copilot began infiltrating Solana users' browsers. Marketed as a trading tool with features like one-click swaps and integration with Phantom and Solflare wallets, the extension covertly injected a SystemProgram.transfer instruction into every transaction, diverting either 0.0013 SOL or 0.05% of trade amounts to an attacker-controlled wallet. By November 2024, security researchers at Socket had identified the extension as a major threat, noting it had attracted 15–18 users on the Chrome Web Store.

The attack was not isolated. In August 2024, another extension called Bull Checker, promoted by a Reddit user, drained user wallets entirely. These tools exemplify a growing trend of browser-based DeFi threats, where attackers exploit the convenience of one-click trading to manipulate transactions in ways that are nearly invisible to users.

Mechanisms of Attack: Deception and Obfuscation

The malicious extensions employ advanced obfuscation techniques to mimic legitimate tools. For instance, Crypto Copilot linked to a domain (crypto-coplilot-dashboard[.]vercel[.]app) that displayed only a blank placeholder, while its main website (cryptocopilot[.]app) was parked by GoDaddy. The code also referenced a hardcoded Helius API key and multiple RPC nodes, creating the illusion of a functional DEX frontend. Despite these deceptive measures, on-chain analysis revealed minimal SOL transfers to the attacker's wallet, likely due to low adoption rather than low risk.

Such tactics highlight the sophistication of modern DeFi attacks. Unlike traditional phishing schemes, these extensions operate within the user's browser, granting them access to private keys and transaction data. Once installed, they can alter transaction instructions before users sign them, a step that many traders overlook due to the fast-paced nature of DeFi trading.

Impact on User Trust and Ecosystem Growth
