


Perceptive Security
SOC/SIEM Consultancy

Socket researchers identified a malicious Chrome extension that manipulates Raydium swaps to inject an undisclosed SOL transfer, quietly routing fees to an atta…
Published:
25 November 2025 at 17:43:50
Alert date:
5 December 2025 at 08:03:23
Source:
socket.dev

Socket researchers discovered a malicious Chrome extension that targets Solana cryptocurrency users by manipulating Raydium swap transactions. The extension injects hidden SOL transfer fees into legitimate swap operations without user knowledge. The malicious fees are secretly routed to an attacker-controlled wallet address. This represents a supply chain attack targeting cryptocurrency users through browser extensions. The attack demonstrates sophisticated financial fraud techniques in the DeFi ecosystem.
Technical details
Mitigation steps:
Affected products:
Chrome Extensions
Raydium
Solana
Related links:
https://socket.dev/blog/malicious-chrome-extension-injects-hidden-sol-fees-into-solana-swaps?utm_medium=feed
https://socket.dev/chrome/package/iaemdpdnmdkaphnmcogmcgcmhhafcifd/overview/1.1.0
Related CVEs:
Related threat actors:
IOCs:
iaemdpdnmdkaphnmcogmcgcmhhafcifd
This article was created with the assistance of AI technology by Perceptive.