PANews reported on November 28th that, according to Cointelegraph, cybersecurity company Socket disclosed in a report released Tuesday that a malicious Google Chrome browser extension called Crypto Copilot allows users to trade on the Solana blockchain via X social media feeds while secretly extracting a fee from each transaction and transferring it to the creator's wallet. When the extension uses the decentralized exchange Raydium to perform exchanges for users, it attaches a hidden transfer instruction to transfer Solana coins from the user's account to the attacker's account. Unlike typical malware that attempts to steal the entire wallet balance, this extension extracts at least 0.0013 Solana coins (approximately 0.05% of the transaction amount) per transaction. The user interface only displays the transaction details, and the wallet confirmation interface only summarizes the transaction without displaying specific instructions, causing users to seemingly only sign one transaction while actually authorizing both an exchange and a fund transfer. Although the extension has only accumulated 15 users since its release on June 18, 2024, it still exposes security vulnerabilities in the browser extension ecosystem.