Cybersecurity experts have identified a malicious Chrome extension masquerading as a legitimate Ethereum wallet that secretly steals seed phrases through encoding and microtransactions. Users are urged to only use trusted wallet extensions and monitor unusual blockchain activity. #ChromeExtension #EthereumWallet #SeedPhraseTheft
Keypoints
- The malicious extension is called “Safery: Ethereum Wallet” and is available on the Chrome Web Store.
- It contains a backdoor that encodes seed phrases into fake Sui addresses and sends small microtransactions to them.
- The attacker can decode blockchain transactions to recover seed phrases and drain assets.
- The malware avoids the need for a command-and-control server by embedding data in blockchain transactions.
- Users should avoid untrusted extensions and watch for unusual blockchain RPC activity during wallet operations.
Read More: https://thehackernews.com/2025/11/fake-chrome-extension-safery-steals.html