Amid increasing threats to crypto wallet security, SlowMist Technology has reported the discovery of over 40 fraudulent crypto wallet extensions on Firefox.
Discovery of Fraudulent Crypto Wallet Extensions
On July 3, 2025, SlowMist's Chief Information Security Officer, 23pds, reported that Koi Security uncovered more than 40 fake crypto wallet extensions in the Firefox plugin store. These extensions disguise themselves as popular wallets like MetaMask and Coinbase Wallet, targeting users by stealing their mnemonic phrases through implanted event listener code. The attack is attributed to a Russian-speaking group.
Ongoing Threats in Crypto: Market Implications
User security is at heightened risk as these extensions replicate popular wallets to siphon confidential information sent back to attackers. 23pds reminded the community to remain vigilant against malicious wallet extensions and use only verified sources to protect their mnemonic phrases and funds.
Security Recommendations
Industry professionals have urged users to install wallet extensions only from trusted sources. Previous incidents, such as over $1 million in losses from fake Chrome extensions, highlight the necessity for caution in the crypto landscape. Current price data shows Ethereum trading at $2,563.79 with a market cap of $309.49 billion.
Given the security risks, users are strongly advised to verify extension sources to protect their mnemonic phrases and funds.
