Popular web browsers Google Chrome and Mozilla Firefox are facing serious security threats. While Chrome is being targeted through a dangerous zero-day vulnerability, Firefox users are under attack from a slew of harmful browser extensions.
On July 1, cybersecurity experts uncovered a malicious campaign involving 45 fake Firefox extensions designed to steal cryptocurrency wallet details from unsuspecting users.
The 45 malicious Firefox extensions impersonate legitimate crypto wallet tools from widely used platforms such as Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, MyMonero, Bitget, Leap, Ethereum Wallet, and Filfox. A security researcher at Koi Security, Yuval Ronen, reported on Wednesday that these extensions steal users’ wallet secrets and credentials.
The linkage to discover the fake extensions was made through a meticulous effort to discover shared TTPs and infrastructure. This campaign has been active since April 2025 and is still evolving to discover further harmful activities in the browser.
“The extensions extract wallet credentials directly from the targeted websites and exfiltrate them to a remote server controlled by the attacker. During initialization, they also transmit the victim’s external IP address, likely for tracking or targeting purposes,” said Koi Security.
In May 2025, Coinbase Global announced that hackers obtained personal information, putting more than 70,000 customers at risk of attacks and extortion. Many global agencies, such as OFAC and FATF, have addressed various issues related to crypto hacks; however, despite the growing awareness, millions of individuals still fall victim to these crypto kidnappings.
To defend against the employees who unknowingly downloaded the malicious extensions for Firefox, these steps are to be followed, as recommended by Koi Security researcher, Ronen.
Use hardware wallets, avoid browser-based storage, and install wallet tools only from official or verified sources.
Enable 2FA, use cold storage, avoid public Wi-Fi, monitor wallet activity, and beware of phishing and fake extensions.
Not every day do price prediction experts shift focus from a legacy coin to a…
In a significant boost to its ecosystem credibility, FUNToken has been officially upgraded to an…
Story Highlights The live price of Kava crypto is . This altcoin might hit a…
After weeks of choppy price action, meme coin PEPE is showing technical strength again. According…
Story Highlights The live price of the IMX token is The ImmutableX price could hit…
Story Highlights The price of the Quant token is . The QNT coin price could…