Malicious Chrome Add-on 'Crypto Copilot' Slips Fees Into Raydium Trades
Key Takeaways
- Security firm Socket found Chrome add-on “Crypto Copilot” stealing small amounts of Solana during Raydium trades without user consent;
- The extension, disguised as a Solana trading tool for X, secretly adds a hidden SOL transfer step in each transaction approval screen;
- Experts warn this scam shows risks of browser add-ons with finance access; users should only install verified extensions and review permissions.
A harmful Chrome browser add‑on known as Crypto Copilot was found taking small amounts of Solana
Security experts at Socket reported these findings on November 25 after reviewing the extension's actions.
This extension interacts with the decentralized exchange Raydium
Without the user knowing, at least 0.0013 SOL, roughly 0.05% of the trade amount, gets sent to a wallet owned by the malicious operator.
Although Crypto Copilot presents itself as a tool for executing Solana trades from X, it secretly includes a malicious step in the transaction screen. This makes detecting the extra SOL transfer difficult unless users check every detail of the transaction approval.
The extension became available in the Chrome Web Store on June 18, 2024. Despite being reported to Google, it was still active as of late November and had only 15 installs when discovered by Socket's analysts.
Reviews show that each Raydium transaction with this add-on includes a hidden instruction that sends SOL to the attacker's wallet. Most people may not notice the missing funds since the process is disguised within a typical swap approval screen.
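The check a wallet user or reviewer can make before signing is to list every native SOL transfer in the transaction and confirm each recipient is expected. The sketch below is an added example, not code from Socket or from the extension; it assumes instructions decoded in the shape of Solana RPC's `jsonParsed` encoding, and every address in the sample is a constructed placeholder.

```javascript
// Added example: flag native SOL transfers that leave the user's wallet for
// an account the user did not expect to pay.
const SYSTEM_PROGRAM_ID = "11111111111111111111111111111111"; // Solana System Program
const LAMPORTS_PER_SOL = 1_000_000_000;

// expectedRecipients: accounts the swap legitimately funds, for example the
// user's own temporary wrapped-SOL token account.
function findUnexpectedSolTransfers(instructions, userWallet, expectedRecipients = []) {
  const allowed = new Set([userWallet, ...expectedRecipients]);
  const findings = [];
  instructions.forEach((ix, index) => {
    if (ix.programId !== SYSTEM_PROGRAM_ID) return;           // only native SOL moves
    if (!ix.parsed || ix.parsed.type !== "transfer") return;  // ignore createAccount etc.
    const { source, destination, lamports } = ix.parsed.info;
    if (source === userWallet && !allowed.has(destination)) {
      findings.push({ index, destination, lamports, sol: lamports / LAMPORTS_PER_SOL });
    }
  });
  return findings;
}

// Constructed sample: a swap with one extra transfer appended at the end.
const USER = "USER_WALLET_PLACEHOLDER";
const USER_WSOL = "USER_WSOL_ACCOUNT_PLACEHOLDER";
const SAMPLE_INSTRUCTIONS = [
  { programId: SYSTEM_PROGRAM_ID,
    parsed: { type: "transfer",
              info: { source: USER, destination: USER_WSOL, lamports: 2_600_000_000 } } },
  { programId: "DEX_PROGRAM_ID_PLACEHOLDER", accounts: [], data: "" }, // the swap itself
  { programId: SYSTEM_PROGRAM_ID,
    parsed: { type: "transfer",
              info: { source: USER, destination: "UNKNOWN_WALLET_PLACEHOLDER",
                      lamports: 1_300_000 } } },
];

function auditSample() {
  return findUnexpectedSolTransfers(SAMPLE_INSTRUCTIONS, USER, [USER_WSOL]);
}

for (const f of auditSample()) {
  console.log(`instruction #${f.index}: ${f.sol} SOL -> ${f.destination}`);
}
```

An empty result only means no unexpected native SOL transfer was found; token transfers and program-internal transfers need their own review.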
Researchers from Socket have warned that browser extensions accessing social media or financial services could be abused for similar scams. Their advice is to use only add-ons from verified developers and never grant permissions without understanding what the extension can do.