Wu said that the GoPlus Chinese community tweeted a reminder that it has discovered a malicious Chrome extension disguised as an Ethereum wallet called “Safery: Ethereum Wallet”, which steals assets by encoding users' mnemonic phrases into Sui chain transactions. This extension was released on November 12, 2024, and contains a backdoor that encodes users' mnemonic phrases into Sui addresses and broadcasts microtransactions from an attacker-controlled Sui wallet to steal users' mnemonic phrases, making it highly covert. The attacker's email is kifagusertyna@gmail[.]com, and currently, this extension has not been removed from the Chrome Web Store.