Warning for Solana Investors
A new warning for Solana investors comes to light as researchers reveal a deceptive Chrome extension named Crypto Copilot, which stealthily imposes additional fees on users’ transactions. This extension, marketed as a quick trading tool integrated into social media platforms, has been found to manipulate swap operations without users being aware.
Analysis of Crypto Copilot
Examining this extension, analysts from Socket’s Threat Research Team discovered that while it appears to connect to established wallets and display token information from the DexScreener, it executes a hidden action during trades conducted on Raydium. Specifically, each transaction that users undertake is augmented with an extra instruction that executes a transfer of a small amount of SOL to a wallet controlled by the attacker. Victims are unwittingly charged fees ranging from 0.0013 SOL to 0.05% of their trade amount, and crucially, these transfers are not reflected in the user interface, making them virtually invisible.
Launch and Functionality
Crypto Copilot was launched in June 2024 and promises fast swaps for traders looking to capitalize on trends highlighted in X (formerly known as Twitter). Users engage with a one-click swap feature, and the permissions requested by the extension mimic those typical of legitimate trading tools. However, the service does not disclose the additional fees it incurs, and the insidious code is cleverly concealed within heavily obfuscated files, raising alarms as analysts note the risk associated with extensions that facilitate lightning-fast trades. The design inherently encourages rapid transaction authorizations, increasing the likelihood that users will overlook the hidden fees.
Current Status and Recommendations
Currently, Crypto Copilot remains active, despite repeated requests from researchers for its removal. This incident underscores a growing issue in the landscape of browser extensions that interact with blockchain transactions, revealing a vulnerability as the Solana ecosystem sees heightened trading activity, making it an attractive target for cybercriminals. Security experts urge Solana traders to scrutinize their transactions closely, steer clear of unverified extensions, and remain vigilant to any discrepancies in their trading patterns.
