Malicious Chrome Extension Diverts 0.05% from Solana Trades Through Hidden Transfers

A Chrome extension called Crypto Copilot embeds hidden transfer instructions into Solana swaps executed through Raydium, siphoning 0.05% or at least 0.0013 SOL per transaction to an attacker-controlled wallet. The extension appeared on the Chrome Web Store in mid-2024 and markets itself as a tool for instant SOL trading from X feeds. Cybersecurity researchers from Socket's Threat Research Team identified the malicious behavior, which remains concealed from users during transaction confirmation.