Socket researchers identified a malicious Chrome extension that manipulates Raydium swaps to inject an undisclosed SOL transfer, quietly routing fees to an atta…

Published:

25 November 2025 at 17:43:50

Alert date:

5 December 2025 at 08:03:23

Source:

socket.dev

Socket researchers discovered a malicious Chrome extension that targets Solana cryptocurrency users by manipulating Raydium swap transactions. The extension injects hidden SOL transfer fees into legitimate swap operations without user knowledge. The malicious fees are secretly routed to an attacker-controlled wallet address. This represents a supply chain attack targeting cryptocurrency users through browser extensions. The attack demonstrates sophisticated financial fraud techniques in the DeFi ecosystem.

Technical details

Mitigation steps:

Affected products:

Chrome Extensions
Raydium
Solana

Related links:

Related CVEs:

Related threat actors:

IOCs:

iaemdpdnmdkaphnmcogmcgcmhhafcifd

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: This website displays information originating from external sources. Perceptive accepts no responsibility for the content, accuracy or completeness of this information.
