Coin WorldThursday, Jul 3, 2025 6:47 am ET

1min read

Google Chrome and Mozilla Firefox users are currently facing significant security threats. Chrome is being targeted through a dangerous zero-day vulnerability, while Firefox users are under attack from a slew of harmful browser extensions. On July 1, cybersecurity experts uncovered a malicious campaign involving 45 fake Firefox extensions designed to steal cryptocurrency wallet details from unsuspecting users. These extensions impersonate legitimate crypto wallet tools from widely used platforms such as Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, MyMonero, Bitget, Leap, Ethereum Wallet, and Filfox. A security researcher at Koi Security, Yuval Ronen, reported on Wednesday that these extensions steal users’ wallet secrets and credentials.

The campaign has been active since April 2025 and is still evolving to discover further harmful activities in the browser. The first step in the destructive move was to gain trust through ratings, reviews, branding, and functionality, which makes the extension appear widely adopted and well reviewed. After gaining trust, they used identical names and logos to impersonate the real services with visual similarities to deceive the users. In cases of open source, extensions cloned the real codebase and inserted their own malicious logic, creating extensions that behaved as expected by secretly stealing personal data. “The extensions extract wallet credentials directly from the targeted websites and exfiltrate them to a remote server controlled by the attacker. During initialization, they also transmit the victim’s external IP address, likely for tracking or targeting purposes,” said Koi Security.

In May 2025, Coinbase Global announced that hackers obtained personal information, putting more than 70,000 customers at risk of attacks and extortion. Many global agencies have addressed various issues related to crypto hacks; however, despite the growing awareness, millions of individuals still fall victim to these crypto kidnappings. To defend against the employees who unknowingly downloaded the malicious extensions for Firefox, these steps are to be followed, as recommended by Koi Security researcher, Ronen. Install extensions only from verified publishers, treat browser extensions as full software assets, use an extension that allows and restricts installation to validated extensions only, and timely monitoring to detect ownership transfers and other signs of compromise over time.

To protect crypto wallets from browser hacks, users should use hardware wallets, avoid browser-based storage, and install wallet tools only from official or verified sources. The best ways to secure crypto wallets in 2025 include enabling 2FA, using cold storage, avoiding public Wi-Fi, monitoring wallet activity, and being aware of phishing and fake extensions. These measures are crucial in safeguarding against the ongoing threats posed by malicious browser extensions and zero-day vulnerabilities.