Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

Crypto Copilot is robbing users with a hidden Solana transaction fee

A malicious Chrome extension named Crypto Copilot injects a hidden Solana transfer fee into legitimate Raydium swap transactions.

byKerem Gülen
November 27, 2025
in Cybersecurity, DeFi & Blockchain, News
Home News Cybersecurity
Share on FacebookShare on TwitterShare on LinkedInShare on WhatsAppShare on e-mail
Google Preferred Source

Cybersecurity researchers at Socket uncovered the malicious Chrome extension Crypto Copilot, which injects hidden Solana transfer fees into Raydium swap transactions on the Chrome Web Store. Published by user sjclark76 on May 7, 2024, the extension has 12 installs and remains available for download.

The extension presents itself as a tool for trading cryptocurrency directly on X, providing real-time insights and seamless execution. Behind this facade, Crypto Copilot manipulates Solana-based transactions executed on Raydium, a decentralized exchange and automated market maker built on the Solana blockchain. When users initiate a swap through Raydium, the extension activates obfuscated code that appends an additional instruction to the transaction before it reaches the user’s signature stage.

This injected instruction consists of a SystemProgram.transfer method, which directs funds from the user’s wallet to a hard-coded address controlled by the attacker. The transfer amount constitutes a minimum of 0.0013 SOL or 0.05 percent of the total trade value, whichever is greater. For swaps exceeding 2.6 SOL, the fee escalates to 2.6 SOL plus 0.05 percent of the swap amount. Socket security researcher Kush Pandya detailed the mechanism in a report released on Tuesday, stating, “Behind the interface, the extension injects an extra transfer into every Solana swap, siphoning a minimum of 0.0013 SOL or 0.05 % of the trade amount to a hard-coded attacker-controlled wallet.”

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

To evade detection, the malicious code employs minification techniques and renames variables, rendering the script difficult to analyze. Users encounter no visible indication of this alteration during the transaction process. The extension’s user interface displays only the standard swap details, omitting any reference to the hidden fee. As a result, individuals typically approve the transaction without awareness of the deduction unless they manually review each instruction prior to signing.

Crypto Copilot integrates with a backend server at crypto-coplilot-dashboard.vercel.app, where it registers connected wallets, retrieves points and referral information, and logs user activities. The associated domain cryptocopilot.app serves no actual product and functions solely as deceptive infrastructure. The extension further bolsters its appearance of legitimacy by incorporating services from DexScreener for market data and Helius RPC for blockchain interactions.

The destination for the siphoned funds is a personal wallet, distinct from any protocol treasury, which complicates user verification. Pandya emphasized this subtlety, noting, “Because this transfer is added silently and sent to a personal wallet rather than a protocol treasury, most users will never notice it unless they inspect each instruction before signing.” He added that the overall setup prioritizes evading platform scrutiny, observing, “The surrounding infrastructure appears designed only to pass Chrome Web Store review and provide a veneer of legitimacy while siphoning fees in the background.”


Featured image credit

Tags: Crypto Copilotsolana

Related Posts

OpenAI retires Atlas browser to focus on new ChatGPT superapp

OpenAI retires Atlas browser to focus on new ChatGPT superapp

July 14, 2026
Microsoft tests Copilot’s new PC insights feature in Windows 11

Microsoft tests Copilot’s new PC insights feature in Windows 11

July 14, 2026
Xiaomi unveils SkyNomad N90 range-extender SUV

Xiaomi unveils SkyNomad N90 range-extender SUV

July 14, 2026
X algorithm update aims to make replies feel friendlier

X algorithm update aims to make replies feel friendlier

July 14, 2026
Windows 11 Search Box gets less clutter and more control

Windows 11 Search Box gets less clutter and more control

July 14, 2026
Pixel 11 leak shows bold magenta and peach colors

Pixel 11 leak shows bold magenta and peach colors

July 14, 2026

LATEST NEWS

OpenAI retires Atlas browser to focus on new ChatGPT superapp

Microsoft tests Copilot’s new PC insights feature in Windows 11

Xiaomi unveils SkyNomad N90 range-extender SUV

X algorithm update aims to make replies feel friendlier

Windows 11 Search Box gets less clutter and more control

Pixel 11 leak shows bold magenta and peach colors

BEST AI MODELS LEADERBOARD

See the best AI models, ranked by intelligence, benchmark results, speed and token price. Find the most suitable LLMs, Text-to-Image, Image Editing, Text-to-Speech, Text-to-Video and Image-to-Video  artificial intelligence model for your tasks and business.

LATEST TOOLS

Mootion

Legacy AI

Copyseeker

ProPhotos

Kuki AI

Create

RemodelAI

AItwitch

Vadoo AI

Greptile AI

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI tools
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies to improve your experience. You can choose to accept or reject them. Visit our Privacy Policy.