Popular web browsers Google Chrome and Mozilla Firefox are facing serious security threats. While Chrome is being targeted through a dangerous zero-day vulnerability, Firefox users are under attack from a slew of harmful browser extensions.
On July 1, cybersecurity experts uncovered a malicious campaign involving 45 fake Firefox extensions designed to steal cryptocurrency wallet details from unsuspecting users.
The 45 malicious Firefox extensions impersonate legitimate crypto wallet tools from widely used platforms such as Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, MyMonero, Bitget, Leap, Ethereum Wallet, and Filfox. A security researcher at Koi Security, Yuval Ronen, reported on Wednesday that these extensions steal users’ wallet secrets and credentials.
The linkage to discover the fake extensions was made through a meticulous effort to discover shared TTPs and infrastructure. This campaign has been active since April 2025 and is still evolving to discover further harmful activities in the browser.
“The extensions extract wallet credentials directly from the targeted websites and exfiltrate them to a remote server controlled by the attacker. During initialization, they also transmit the victim’s external IP address, likely for tracking or targeting purposes,” said Koi Security.
In May 2025, Coinbase Global announced that hackers obtained personal information, putting more than 70,000 customers at risk of attacks and extortion. Many global agencies, such as OFAC and FATF, have addressed various issues related to crypto hacks; however, despite the growing awareness, millions of individuals still fall victim to these crypto kidnappings.
To defend against the employees who unknowingly downloaded the malicious extensions for Firefox, these steps are to be followed, as recommended by Koi Security researcher, Ronen.
Use hardware wallets, avoid browser-based storage, and install wallet tools only from official or verified sources.
Enable 2FA, use cold storage, avoid public Wi-Fi, monitor wallet activity, and beware of phishing and fake extensions.
CoinPedia has been delivering accurate and timely cryptocurrency and blockchain updates since 2017. All content is created by our expert panel of analysts and journalists, following strict Editorial Guidelines based on E-E-A-T (Experience, Expertise, Authoritativeness, Trustworthiness). Every article is fact-checked against reputable sources to ensure accuracy, transparency, and reliability. Our review policy guarantees unbiased evaluations when recommending exchanges, platforms, or tools. We strive to provide timely updates about everything crypto & blockchain, right from startups to industry majors.
All opinions and insights shared represent the author's own views on current market conditions. Please do your own research before making investment decisions. Neither the writer nor the publication assumes responsibility for your financial choices.
Sponsored content and affiliate links may appear on our site. Advertisements are marked clearly, and our editorial content remains entirely independent from our ad partners.
XRP is stepping into a larger role in Asia’s digital economy. By 2026, reports say…
Ethereum (ETH) is trading at $4,531, up 1.6% in the last 24 hours, with a…
Best crypto to buy in October has become the hot question for traders, investors, and…
As ADA fights to keep going, investors are looking for crypto projects that offer both…
Ethereum’s early investors are often cited as the most fortunate in crypto history. During its…
A surprising trend has continued to emerge, with market watchers reporting large liquidations and capital…