Lead
Blockchain security firm Socket is warning crypto users that a highly ranked Chrome extension named “Safery: Ethereum Wallet” is a trojan horse designed to siphon seed phrases. The extension currently shows up as the fourth search result for “Ethereum Wallet” in Google’s Chrome Web Store, placing it just behind legitimate products like MetaMask—and making it dangerously easy to install. (Cointelegraph)
How the Backdoor Works
Socket’s reverse engineering found that Safery encodes BIP-39 mnemonics into synthetic Sui addresses, then broadcasts microtransactions of 0.000001 SUI from a threat actor’s wallet. Each transaction effectively exfiltrates the victim’s seed phrase, allowing attackers to reconstruct it and drain assets whenever they choose. The attack triggers whether a user creates a new wallet in the extension or imports an existing one.
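The mechanism above leaves a mismatch a reviewer can look for in an unpacked extension: a wallet listed as Ethereum-only that handles seed phrases and also contains Sui transaction plumbing. The following triage check is an added example, not Socket's tooling and not code from the extension; the marker lists, the function names (`declaredChains`, `triageExtension`) and the sample files are assumptions constructed for illustration.

```javascript
// Added triage heuristic; marker lists are assumptions, not taken from Socket's report.
const CHAIN_MARKERS = {
  ethereum: [/\beth_sendRawTransaction\b/, /\beth_getBalance\b/, /infura\.io/i],
  sui: [/\bsui_executeTransactionBlock\b/, /\bunsafe_paySui\b/,
        /fullnode\.[a-z]+\.sui\.io/i, /@mysten\/sui/],
};
const MNEMONIC = /mnemonic|bip-?39|seed\s?phrase/i;

// Chains the listing claims to support, read from the manifest name and description.
function declaredChains(manifest) {
  const text = `${manifest.name} ${manifest.description || ""}`.toLowerCase();
  return Object.keys(CHAIN_MARKERS).filter((chain) => text.includes(chain));
}

// files: { path: sourceText } taken from an unpacked extension directory.
function triageExtension(manifest, files) {
  const declared = declaredChains(manifest);
  const mnemonicFiles = [];
  const undeclared = [];
  for (const [path, src] of Object.entries(files)) {
    if (MNEMONIC.test(src)) mnemonicFiles.push(path);
    for (const [chain, patterns] of Object.entries(CHAIN_MARKERS)) {
      if (declared.includes(chain)) continue; // expected for this listing
      for (const re of patterns) {
        const m = src.match(re);
        if (m) undeclared.push({ chain, file: path, marker: m[0] });
      }
    }
  }
  // Flag only when the listing names a chain, the code touches seed phrases,
  // and the code also talks to a chain the listing never mentions.
  const suspicious =
    declared.length > 0 && mnemonicFiles.length > 0 && undeclared.length > 0;
  return { declared, mnemonicFiles, undeclared, suspicious };
}

// Constructed sample input, not the real extension's code.
const sampleManifest = { name: "Example Ethereum Wallet", description: "Simple wallet for ETH" };
const sampleFiles = {
  "wallet.js": 'const m = bip39.generateMnemonic(); rpc("https://mainnet.infura.io/v3/KEY", "eth_getBalance");',
  "background.js": 'const SUI_RPC = "https://fullnode.mainnet.sui.io:443"; call(SUI_RPC, "sui_executeTransactionBlock");',
};
const benignFiles = { "wallet.js": sampleFiles["wallet.js"] };

console.log(JSON.stringify(triageExtension(sampleManifest, sampleFiles), null, 2));
```

A hit is a reason to read the flagged files, not a verdict: a genuine multi-chain wallet that names every chain in its listing is not flagged, and minified or obfuscated code can hide the markers.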
Obvious Red Flags
Despite its high ranking, the extension carries telltale signs of fraud:
- No reviews or social proof despite thousands of apparent installs.
- Generic branding and grammatical errors throughout the description.
- No official website, and the developer contact points to a personal Gmail address.
Once alerted, Chrome users can see the warning signs—but only if they slow down and perform due diligence before clicking “Add to Chrome.”
Staying Safe
- Install extensions directly from official project websites rather than relying on store search results.
- Treat any wallet that asks for your seed phrase with extreme caution; reputable extensions only request recovery words when importing and never transmit them elsewhere.
- Monitor outbound microtransactions: unexpected Sui transfers (even tiny ones) could indicate compromise.
- Keep hardware wallets or air-gapped solutions for meaningful balances.
The broader takeaway: browser stores remain a fertile hunting ground for crypto thieves. Double-check everything, and remember that convenience scripts promising “easy wallet management” rarely justify trusting them with the keys to your coins.
Disclaimer: This article is for informational purposes only and should not be considered security or investment advice.