Skip to main content

Hidden Fee Scam in Plain Sight: How Crypto Copilot Quietly Drained Solana Traders  



Security researchers disclosed that Crypto Copilot, a Chrome extension, has been consistently skimming SOL from users trying to swap on Raydium. Instead of directly draining wallets, the extension attaches a hidden transfer instruction to legitimate transactions, siphoning at least 0.0013 SOL or 0.05% of the trade value directly into the wallet of an attacker.

How the Hidden Transfer Slipped Past Wallet Screens  


The extension, launched on the Chrome Web Store on June 18, 2024, by a developer account listed as “sjclark76,” positioned itself as the perfect companion for traders glued to X, promising instant swaps directly from the feed by integrating with DexScreener for pricing, Helius for blockchain access, and mainstream wallets like Phantom and Solflare.

When a user initiates a swap, the extension silently modifies the transaction before it ever reaches the wallet. 

The malicious code injects an additional SystemProgram.transfer instruction that routes funds to a hardcoded recipient address. Because the legitimate swap and the theft are combined into a single atomic transaction, the wallet's confirmation screen shows only the expected trade details. The extra transfer remains invisible unless the user consciously expands and examines every instruction, a step only few traders take.

The extension’s source code is heavily compressed and hidden, while its supposed official website, cryptocopilot.app, remains a parked GoDaddy domain with no functional content. As of November 27, 2025, the extension, Crypto Copilot, is still available on the Chrome Web Store with only 12 and 15 known installations.

What Users Must Do Before It’s Too Late


The siphon scheme was disclosed by security company Socket on November 25, 2025, after fully reverse-engineering the extension. According to researcher Kush Pandya, the transfer is silently added to and forwarded to a personal wallet rather than to any protocol treasury, meaning most victims never notice unless they carefully review every instruction before signing.

Socket has submitted a removal request to Google. The incident follows a series of similar attacks on Solana users, including the Bull Checker extension flagged in August 2024 and another high-ranking wallet that was flagged earlier in November 2025, which operate using similar tactics.

Users who have ever installed Crypto Copilot are advised to remove the extension immediately, move remaining funds to a new wallet, and revoke all associated approvals using services such as revoke.cash. 

Moving forward, traders and investors are advised to manually review every transaction instruction before signing, particularly when using third-party browser extensions to interact with Solana protocols.

https://www.cryptobreaking.com/hidden-fee-scam-in-plain/?utm_source=blogger%20&utm_medium=social_auto&utm_campaign=Hidden%20Fee%20Scam%20in%20Plain%20Sight:%20How%20Crypto%20Copilot%20Quietly%20Drained%20Solana%20Traders  %20
Labels:

Comments

Post a Comment

Popular posts from this blog

Scaramucci Family Invests $100M in Trump-Backed Bitcoin Mining Firm

The recent investment in American Bitcoin highlights the growing interest and participation of prominent figures and families in the cryptocurrency mining sector, particularly in the United States. With over $100 million from the Scaramucci family’s Solari Capital and backing from notable entrepreneurs and investors, American Bitcoin is solidifying its position as a significant player in the evolving blockchain and crypto markets. This move underscores the increasing institutional and individual involvement in Bitcoin and related assets, shaping the future of the crypto industry amidst regulatory and market dynamics. The Scaramucci family’s private investment firm, Solari Capital, has committed over $100 million to American Bitcoin, a major U.S.-based mining company. American Bitcoin raised $220 million in a funding round before going public via reverse merger, with notable backers including Tony Robbins, Charles Hoskinson, Grant Cardone, and Peter Diamandis. The company ...
Post a Comment
Read more

What Does it Mean When BTC Futures Turn Negative Compared to Spot Price?

Recent shifts in the cryptocurrency market highlight a growing cautious sentiment among traders, as the Bitcoin futures-to-spot basis has turned negative for the first time since March 2025. This development suggests a potential cooling of investor enthusiasm, with traders showing a preference to de-risk amid increasing market volatility. The trend underscores ongoing uncertainty in the crypto markets, impacting Bitcoin’s price outlook and trading dynamics. Bitcoin futures-spot basis has dipped into negative territory, signaling increased caution among traders. Internal exchange flow surges often precede heightened volatility and liquidity stress. The market’s leverage ratio has decreased, indicating a healthier futures environment and reduced forced-liquidation risks. Historical patterns of negative basis may point either to a market bottom or further downside, depending on subsequent price movements. Bitcoin futures-spot basis signals two different pathways Bitcoi...
Post a Comment
Read more

Binance Blockchain Week Main Stage Agenda

DUBAI- Friday, 21th November 2025 - Binance Blockchain Week will feature a lineup of government leaders, industry pioneers, and cultural icons for pivotal discussions on the future of the digital economy. The event will unpack critical topics, from Bitcoin and tokenization to the future of digital money, with headline keynotes and debates. KEY HIGHLIGHTS: UAE Leadership in AI and Digital Economy: His Excellency Omar Sultan Al Olama, Minister of State for Artificial Intelligence, will open the main stage with a keynote address on the UAE's strategic vision and leadership in AI, digital assets, and the future economy. Michael Saylor's UAE Debut: Michael Saylor, Executive Chairman & Co-Founder of MicroStrategy, will deliver his first ever keynote in the UAE, "The Undeniable Case for Bitcoin," followed by a live community AMA. Industry Titans Unite: A powerhouse panel featuring Brad Garlinghouse (CEO, Ripple), Lily Liu (President & Co-Founder, Solan...
Post a Comment
Read more