BTCC / BTCC Square / LedgerSpectre /
🚨 Alert: 44 Malicious Firefox Extensions Caught Stealing Crypto – Here’s How to Avoid Them

🚨 Alert: 44 Malicious Firefox Extensions Caught Stealing Crypto – Here’s How to Avoid Them

Published:
2025-07-04 05:36:04
14
2


Security firm Koi Security exposed 44 fake Firefox extensions impersonating crypto wallets (like MetaMask, Trust Wallet) and exchanges (Coinbase, OKX) to steal users’ funds. These extensions use fake 5-star reviews and cloned code to appear legitimate. The scam has been active since April 2025, with new malicious add-ons detected as recently as July. Protect yourself by downloading only verified extensions and monitoring your browser regularly.

Phishing scam stealing cryptocurrencies

How Did These Fake Extensions Trick Users?

Imagine downloading what looks like MetaMask, only to find your crypto wallet drained overnight. That’s the reality for victims of this sophisticated scam. The hackers used two psychological tricks:

  1. Fake Reviews: Hundreds of fabricated 5-star ratings made the extensions seem trustworthy. One fake MetaMask add-on had overwhelmingly positive feedback despite being brand new.
  2. Brand Impersonation: They copied names and logos of top wallets (Trust Wallet, Phantom) and exchanges (Bitget, OKX). Some even forked open-source projects to appear functional while injecting malicious code.

Fake MetaMask wallet extension with fake reviews

What Data Do These Extensions Steal?

These aren’t just adware – they’re financial predators. Once installed, they can:

  • šŸ•µļø Log keystrokes to capture passwords and private keys
  • 🌐 Monitor browsing activity to hijack crypto transactions
  • šŸ“Š Collect IP addresses for targeted phishing attacks

According to TradingView data, crypto-related browser attacks increased 217% YoY in Q2 2025, making this a critical threat.

Full List of 44 Malicious Firefox Extensions

Below are all identified fake extensions (as of July 2025). If you have any installed, remove them immediately:

Fake Wallet ExtensionsFake Exchange Extensions
  • metamask-addons
  • trust-extension-wallet
  • phantom-ext-off
  • keplr-wallet
  • bitget-by-addon
  • okx-wallet-extension1
  • coinbasewallet

Always check official websites for extension links – never trust third-party stores.

3 Ways to Protect Your Crypto Today

Our security analysts recommend:

  1. Verify Before You Trust: Cross-check extension developer names with official company domains.
  2. Use a Pre-Approved List: Bookmark verified extension URLs from project GitHub pages.
  3. Monitor Permissions: If a "crypto wallet" asks for camera access, that’s a red flag!

As noted by CoinGlass, over $28M was stolen via malicious browser extensions in 2024 alone. Don’t become a statistic.

Why Firefox? Aren’t Other Browsers Affected?

While this attack targeted Firefox (due to its open extension ecosystem), Chrome and Edge users aren’t safe either. In 2023, Google removed 106 crypto-fraudulent Chrome extensions. Always practice "extension hygiene" regardless of your browser.

FAQs: Your Burning Questions Answered

How can I check if I installed a malicious extension?

Look for unusual behavior like unexpected password prompts or transactions. Compare the extension ID with the official developer’s website.

Are hardware wallets safe from these attacks?

Yes! Hardware wallets like Ledger or Trezor don’t expose private keys to browsers. They’re your safest bet against extension-based theft.

What should I do if I already lost crypto to a fake extension?

Immediately transfer remaining funds to a new wallet, report the extension to Mozilla/Google, and file a report withif losses exceed $10,000.

|Square

Get the BTCC app to start your crypto journey

Get started today Scan to join our 100M+ users