Crypto Copilot Chrome Extension Steals SOL from Users

• Crypto Copilot Chrome extension steals SOL during trades
• The tool pretends to offer Solana trading via X (Twitter)
• Users should uninstall the extension to protect their funds

A new scam targeting Solana users has been uncovered. The malicious Crypto Copilot Chrome extension is posing as a helpful trading tool that allows users to trade SOL directly through X (formerly Twitter). However, behind the scenes, it’s skimming a portion of every transaction without users’ knowledge.

This extension, once installed, integrates with X and makes it appear as if it’s simplifying crypto trading. But instead of acting as a trusted bridge to Solana’s DeFi ecosystem, it secretly drains small amounts of SOL from every swap conducted using the platform.

🔍 How the Scam Works

The scam operates by injecting malicious code into the browser session. While users believe they are executing legitimate trades, the extension silently redirects a part of each swap to wallets controlled by the attackers. This tactic makes it hard to detect unless users closely monitor their outgoing transactions.

Security researchers and community members have begun to track the stolen funds, and early estimates suggest the losses are significant. The extension has gained traction quickly due to its social engineering approach and seemingly useful functionality.

⚠️ What You Should Do

If you have installed the Crypto Copilot Chrome extension, uninstall it immediately. Also, consider revoking any permissions granted via connected wallets and scanning for potential compromises. It’s also wise to move remaining assets to a fresh wallet to prevent further losses.

Users should be cautious of any browser extension that asks for access to their crypto wallets or promises to simplify trading directly through social media platforms. Always verify the source and reviews before installing any crypto-related tool.