Alert: 44 Malicious Firefox Extensions Caught Stealing Crypto - Here's How to Avoid Them
- How Did These Fake Extensions Trick Users?
- What Data Do These Extensions Steal?
- Full List of 44 Malicious Firefox Extensions
- 3 Ways to Protect Your Crypto Today
- Why Firefox? Aren't Other Browsers Affected?
- FAQs: Your Burning Questions Answered
Security firm Koi Security exposed 44 fake Firefox extensions impersonating crypto wallets (like MetaMask, Trust Wallet) and exchanges (Coinbase, OKX) to steal users' funds. These extensions use fake 5-star reviews and cloned code to appear legitimate. The scam has been active since April 2025, with new malicious add-ons detected as recently as July. Protect yourself by downloading only verified extensions and monitoring your browser regularly.
How Did These Fake Extensions Trick Users?
Imagine downloading what looks like MetaMask, only to find your crypto wallet drained overnight. That's the reality for victims of this sophisticated scam. The hackers used two psychological tricks:
- Fake Reviews: Hundreds of fabricated 5-star ratings made the extensions seem trustworthy. One fake MetaMask add-on had overwhelmingly positive feedback despite being brand new.
- Brand Impersonation: They copied names and logos of top wallets (Trust Wallet, Phantom) and exchanges (Bitget, OKX). Some even forked open-source projects to appear functional while injecting malicious code.
What Data Do These Extensions Steal?
These aren't just adware - they're financial predators. Once installed, they can:
- Log keystrokes to capture passwords and private keys
- Monitor browsing activity to hijack crypto transactions
- Collect IP addresses for targeted phishing attacks
According to TradingView data, crypto-related browser attacks increased 217% YoY in Q2 2025, making this a critical threat.
Full List of 44 Malicious Firefox Extensions
Below are all identified fake extensions (as of July 2025). If you have any installed, remove them immediately:
Fake Wallet Extensions | Fake Exchange Extensions |
---|---|
|
|
Always check official websites for extension links - never trust third-party stores.
3 Ways to Protect Your Crypto Today
Our security analysts recommend:
- Verify Before You Trust: Cross-check extension developer names with official company domains.
- Use a Pre-Approved List: Bookmark verified extension URLs from project GitHub pages.
- Monitor Permissions: If a "crypto wallet" asks for camera access, that's a red flag!
As noted by CoinGlass, over $28M was stolen via malicious browser extensions in 2024 alone. Don't become a statistic.
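The checks above can be run against a Firefox profile directly. The script below is an added example, not code from Koi Security or Mozilla: it reads the profile's `extensions.json`, flags any add-on that uses one of the impersonated brand names without being on a hand-maintained list of verified IDs, and lists granted permissions worth reviewing. The allowlist entry, the review-permission set and the sample data are constructed assumptions, as is the file layout it relies on (`addons` entries with `id`, `type`, `location`, `defaultLocale.name`, `userPermissions`).

```python
import json

# Assumption: IDs copied by hand from each project's official site (placeholder, not a real ID).
VERIFIED_IDS = {"official-wallet@example.invalid"}
# Brands the article names as impersonated.
BRANDS = ("metamask", "trust wallet", "phantom", "coinbase", "okx", "bitget")
# Assumption: WebExtension permissions chosen here as worth a manual look.
REVIEW_PERMS = {"clipboardRead", "cookies", "history", "nativeMessaging", "webRequest"}

def audit(extensions_json):
    """Return one finding per installed extension that needs a closer look."""
    findings = []
    for addon in json.loads(extensions_json).get("addons", []):
        location = str(addon.get("location", ""))
        # Skip themes/dictionaries and add-ons that ship with the browser.
        if addon.get("type") != "extension" or location.startswith(("app-builtin", "app-system-defaults")):
            continue
        name = (addon.get("defaultLocale") or {}).get("name") or ""
        granted = addon.get("userPermissions") or {}  # may be null in the file
        perms = set(granted.get("permissions") or [])
        origins = set(granted.get("origins") or [])
        verified = addon.get("id") in VERIFIED_IDS
        reasons = []
        brand = next((b for b in BRANDS if b in name.lower()), None)
        if brand and not verified:
            reasons.append(f"uses the name '{brand}' but its ID is not on the verified list")
        if perms & REVIEW_PERMS:
            reasons.append("permissions to review: " + ", ".join(sorted(perms & REVIEW_PERMS)))
        if "<all_urls>" in origins and not verified:
            reasons.append("unverified add-on has access to every site")
        if reasons:
            findings.append({"id": addon.get("id"), "name": name, "reasons": reasons})
    return findings

# Constructed sample in the shape of extensions.json; none of this is real data.
SAMPLE = json.dumps({"addons": [
    {"id": "official-wallet@example.invalid", "type": "extension", "location": "app-profile",
     "defaultLocale": {"name": "MetaMask"},
     "userPermissions": {"permissions": ["storage"], "origins": ["<all_urls>"]}},
    {"id": "lookalike@example.invalid", "type": "extension", "location": "app-profile",
     "defaultLocale": {"name": "MetaMask Wallet"},
     "userPermissions": {"permissions": ["clipboardRead", "storage", "webRequest"], "origins": ["<all_urls>"]}},
    {"id": "builtin@example.invalid", "type": "extension", "location": "app-builtin",
     "defaultLocale": {"name": "Built-in helper"}, "userPermissions": None},
]})

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding["id"], finding["name"], *finding["reasons"], sep="\n  ")
```

To audit a real profile, pass `audit()` the contents of `extensions.json` from the profile folder listed in `about:support`.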
Why Firefox? Aren't Other Browsers Affected?
While this attack targeted Firefox (due to its open extension ecosystem), Chrome and Edge users aren't safe either. In 2023, Google removed 106 crypto-fraudulent Chrome extensions. Always practice "extension hygiene" regardless of your browser.
FAQs: Your Burning Questions Answered
How can I check if I installed a malicious extension?
Look for unusual behavior like unexpected password prompts or transactions. Compare the extension ID with the official developer's website.
Are hardware wallets safe from these attacks?
Yes! Hardware wallets like Ledger or Trezor don't expose private keys to browsers. They're your safest bet against extension-based theft.
What should I do if I already lost crypto to a fake extension?
Immediately transfer remaining funds to a new wallet, report the extension to Mozilla/Google, and file a report withif losses exceed $10,000.