Malicious Chrome Extension Siphons 0.05% from Solana Swaps via Hidden Transactions

A Chrome extension named Crypto Copilot has been injecting concealed transfer instructions into Solana trades, extracting at least 0.0013 SOL or 0.05% per transaction since June 2024. Socket's Threat Research Team uncovered the scheme, revealing that the tool appends unauthorized transfers to legitimate Raydium swaps. Users reviewing wallet confirmation screens see only summarized transaction details, leaving the additional instruction undetected during approval.