If You Have Crypto and Use Firefox, Hackers are Targeting You
Cybersecurity firm Koi Security has uncovered a large-scale malicious campaign targeting cryptocurrency users through fake Firefox extensions.
The campaign involves more than 40 extensions impersonating widely used crypto wallet tools.
This includes Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, MyMonero, Bitget, Leap, Ethereum Wallet, and Filfox. Once installed, these extensions silently steal wallet credentials and exfiltrate them to attacker-controlled servers, placing user assets at immediate risk.
Crypto Users At Risk
In its latest post, Koi Security revealed that the campaign has been active since at least April 2025. In fact, new fraudulent uploads appeared on the Mozilla Add-ons store as recently as last week,…