According to Koi Security, over 40 malicious extensions masquerading as popular crypto wallets like MetaMask, Coinbase, Trust Wallet, Phantom, Exodus, and OKX have been found in the Mozilla Firefox add-on store. These fake applications, active since April 2025, steal wallet credentials, including mnemonic phrases and private keys, transmitting them to the attackers' servers. Some extensions are still available for download, posing a serious threat to users. This was reported in the Koi Security report dated July 3, 2025.
Malicious actors use cloned open codes of legitimate wallets, adding harmful code that stealthily steals data. To increase trust, they create hundreds of fake five-star reviews that mislead users. Koi Security has detected signs indicating a Russian-speaking hacker group, including Russian comments in the code and suspicious metadata. Users are advised to install extensions only from verified sources and to use whitelists of applications.
This incident highlights the rise of cyber threats in the crypto industry. Stay updated to protect your assets! Subscribe to #MiningUpdates
*#CryptoTheft #FirefoxAlert #MaliciousExtensions #CyberSecurity #MetaMask #Coinbase