Fake Firefox extensions aim to steal cryptocurrency wallets
Bitget2025/07/03 18:50- Over 40 fake extensions compromise cryptocurrency wallets
- Criminals use wallet names like MetaMask and Coinbase
- Attacks remain active and threaten Firefox users
Cybersecurity experts have identified more than 40 malicious extensions in the Firefox browser designed to steal cryptocurrency wallet credentials. According to a report released by Koi Security, the criminals behind the operation use the names of popular platforms, such as Coinbase, MetaMask and Trust Wallet, to deceive users and collect sensitive information.
🚨 Watch out, crypto enthusiasts! Over 40 fake Firefox extensions mimicking popular wallets have been found. These phishing scams are after your private keys! Check your extensions and stay safe. 🔐 #CryptoSecurity #PhishingAlert
— ₿itBlitz (@BitBlitz) July 3, 2025
These fake extensions pose as legitimate digital wallet tools and, once installed, secretly extract sensitive data from users, exposing digital assets to theft risks. In addition to the aforementioned, other affected brands include Phantom, Exodus, OKX, MyMonero, Bitget, Leap and Keplr.
According to report , the campaign has been active since at least April 2025, with new malicious extensions being uploaded to the Firefox Add-ons Store as recently as last week. The continued activity suggests a persistent operation, with the ability to adapt and update.
To increase the credibility of the fake extensions, the attackers used fake reviews with five-star ratings. Many of the extensions had hundreds of reviews simulating positive experiences, which increased the likelihood of being installed by unsuspecting users.
Koi Security also found clues that indicate the possible involvement of a Russian-speaking cybercriminal group. Fragments of code with comments written in Russian and metadata extracted from files hosted on the servers used in the operation reinforce this suspicion. “While not conclusive, these artifacts suggest that the campaign may have originated from a Russian-speaking cybercriminal group,” the report states.
The security firm emphasizes that the campaign is ongoing, with active extensions still available in the official store. Cryptocurrency wallet users should be extra careful when installing any add-on in Firefox, checking official sources and the authenticity of the tool.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
COC the Game Changer: When Everything in GameFi Becomes "Verifiable", the Era of P2E 3.0 Begins
The article analyzes the development of the GameFi sector from Axie Infinity to Telegram games, pointing out that Play to Earn 1.0 failed due to the collapse of its economic model and trust issues, while Play for Airdrop was short-lived because it could not retain users. COC Game has introduced the VWA mechanism, which verifies key data on-chain in an attempt to address trust issues and build a sustainable economic model. Summary generated by Mars AI. This summary was generated by the Mars AI model, and its accuracy and completeness are still being iteratively updated.
BTC Volatility Weekly Review (November 17 - December 1)
Key metrics (from 4:00 PM HKT on November 17 to 4:00 PM HKT on December 1): BTC/USD: -9.6% (...
When all GameFi tokens have dropped out of the TOP 100, can COC reignite the narrative with a Bitcoin economic model?
On November 27, $COC mining will be launched. The opportunity to mine the first block won't wait for anyone.
Ethereum's Next Decade: From "Verifiable Computer" to "Internet Property Rights"
Fede, the founder of LambdaClass, provides an in-depth explanation of anti-fragility, the 1 Gigagas scaling goal, and the vision for Lean Ethereum.
Trending news
MoreCrypto prices
More
