Popular web browsers Google Chrome and Mozilla Firefox are facing serious security threats. While Chrome is being targeted through a dangerous zero-day vulnerability, Firefox users are under attack from a slew of harmful browser extensions.
On July 1, cybersecurity experts uncovered a malicious campaign involving 45 fake Firefox extensions designed to steal cryptocurrency wallet details from unsuspecting users.
The 45 malicious Firefox extensions impersonate legitimate crypto wallet tools from widely used platforms such as Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, MyMonero, Bitget, Leap, Ethereum Wallet, and Filfox. A security researcher at Koi Security, Yuval Ronen, reported on Wednesday that these extensions steal users’ wallet secrets and credentials.
The linkage to discover the fake extensions was made through a meticulous effort to discover shared TTPs and infrastructure. This campaign has been active since April 2025 and is still evolving to discover further harmful activities in the browser.
“The extensions extract wallet credentials directly from the targeted websites and exfiltrate them to a remote server controlled by the attacker. During initialization, they also transmit the victim’s external IP address, likely for tracking or targeting purposes,” said Koi Security.
In May 2025, Coinbase Global announced that hackers obtained personal information, putting more than 70,000 customers at risk of attacks and extortion. Many global agencies, such as OFAC and FATF, have addressed various issues related to crypto hacks; however, despite the growing awareness, millions of individuals still fall victim to these crypto kidnappings.
To defend against the employees who unknowingly downloaded the malicious extensions for Firefox, these steps are to be followed, as recommended by Koi Security researcher, Ronen.
Use hardware wallets, avoid browser-based storage, and install wallet tools only from official or verified sources.
Enable 2FA, use cold storage, avoid public Wi-Fi, monitor wallet activity, and beware of phishing and fake extensions.
In a recent interview, Sal Gilbertie, CEO of Teucrium Trading, opened up about his firm’s…
Jim Cramer revealed he intends to “own” Bitcoin and Ethereum to protect his children’s financial…
The US Securities and Exchange Commission (SEC) recently made headlines by granting approval for Bitwise’s…
Square has launched Square Handy, a compact and durable mobile POS terminal designed for Japan’s…
New U.S. stablecoin legislation is driving a significant increase in stablecoin issuance from banks, asset…
Robinhood has introduced staking for Ethereum (ETH) and Solana (SOL) to its U.S. customers, enabling…