Synopsis: Crypto Copilot Chrome extension tricked Solana traders into approving hidden SOL skims (0.0013 SOL min or 0.05%) on Raydium swaps from X feeds. Socket exposed the scam on Nov 25, 2025; delete it now.
Traders thought they found a quick way to swap Solana tokens right from X feeds. Instead, Crypto Copilot hid a nasty trick. It skimmed fees on every trade. Cybersecurity firm Socket exposed this scam on November 25, 2025. For months, it tricked users into approving secret transfers. I worry this shows how convenience tools turn deadly in crypto.
How the Scam Works
Users spot tokens on X. They click a swap button from the extension. Crypto Copilot links to wallets like Phantom or Solflare. Then, it uses Raydium exchange for the main trade. However, it adds a hidden step. This extra command sends SOL to the attacker’s wallet. Wallets show just one simple swap. Both parts run together on the blockchain. Users sign without spotting the skim. Smart move by crooks, but scary for traders.
Fees start at 0.0013 SOL minimum. That’s about $0.26 now. For bigger trades over 2.6 SOL, it takes 0.05 percent. A 100 SOL swap loses 0.05 SOL, or $10. The code hides this in messy JavaScript. Variables rename to dodge checks. It even pings a blank site for user data. Published June 18, 2024, by [email protected]. Only 15 users so far. Still, it could grow fast.
A Long-Running Threat
This extension lived quietly since mid-2024. Socket’s AI scanner caught it first. They told Google to remove it. Yet, it stayed up at last check. On-chain data shows tiny thefts now. Low users kept damage small. But imagine power traders. Ten daily 5 SOL swaps? That’s 0.75 SOL gone monthly, or $150. For me, this feels like a slow poison. It blends with normal fees. High-speed Solana hides it well.
Backend sites look fake. Cryptocopilot.app sits parked. Crypto-coplilot-dashboard.vercel.app shows nothing. A typo there screams scam. It uses DexScreener for prices. Helius RPC for blockchain calls. All legit parts mask the crime.
Part of Bigger Chrome Scams
Chrome draws crypto thieves. Its huge users love extensions. This fits a pattern. Earlier this month, Socket flagged a top wallet drainer. August saw another empty Solana wallets. June 2024, Aggr plugin cost a trader $1 million. It stole cookies for Binance access. Jupiter exchange warned then too. Crooks love social media hooks. FOMO drives clicks. I think traders chase speed over safety. That’s the trap.
Stay Safe Now
Check every wallet screen. Expand full details before signing. Hunt extra transfer lines. Got Crypto Copilot? Delete it fast. Move funds to new wallets. Revoke site approvals on Revoke.cash. Skip closed-source tools asking for sign power. Use hardware wallets for big trades. Developers, scan for hidden wallets. Report odd extensions to Google. Vigilance beats greed every time. Crypto thrills, but scams lurk. Stay sharp out there.
Written By Fazal Ul Vahab C H
