- Suspected Russian hackers target crypto wallets via fake Firefox extensions.
- Over 40 extensions mimicking wallets discovered.
- High risk to Ethereum and Bitcoin assets.

Over 40 counterfeit Firefox extensions, mimicking major crypto wallets, have been identified, posing substantial risks to Ethereum and Bitcoin users. The activity involves suspected Russian-speaking hackers targeting crypto enthusiasts globally since April 2025.
The incident underscores growing threats to crypto security, with individual users facing potential financial losses from wallet compromise. The broader crypto community remains vigilant, and users must immediately review the extensions they have installed in Firefox.
The suspected Russian-speaking hackers have allegedly uploaded over 40 counterfeit Firefox extensions, which closely mimic major crypto wallet products. Koi Security researcher Yuval Ronen disclosed the campaign, stating, “The attackers cloned open-source wallet extension codebases and inserted malicious code to secretly exfiltrate private keys and seed phrases while maintaining identical branding and ratings as legitimate products.” Mozilla, through a spokesperson, stresses the importance of identifying and removing these malicious add-ons promptly. Its efforts focus on maintaining the browser’s integrity so that users do not expose their private keys and credentials to these add-ons.
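Because the clones keep the original branding, a review of installed extensions has to compare add-on IDs rather than names. The following is an added example, not code from Koi Security or Mozilla: it reads the `extensions.json` inventory from a Firefox profile and lists wallet-branded extensions whose ID is not on a list you trust. The search terms, the trusted-ID list and the sample inventory are assumptions constructed for illustration.

```python
import json
import unicodedata

# Terms taken from the article's wording; extend with the wallet brands you use.
WALLET_TERMS = ("wallet", "crypto", "bitcoin", "ethereum")

def normalise(text):
    """Fold case and Unicode compatibility forms so styled names still match."""
    return unicodedata.normalize("NFKC", text).casefold()

def installed_extensions(extensions_json_text):
    """Yield one record per add-on of type 'extension' in extensions.json."""
    data = json.loads(extensions_json_text)
    for addon in data.get("addons", []):
        if addon.get("type") != "extension":
            continue  # skip themes, dictionaries, language packs
        locale = addon.get("defaultLocale") or {}
        yield {
            "id": addon.get("id", ""),
            "name": locale.get("name") or "",
            "version": addon.get("version", ""),
            "active": bool(addon.get("active")),
        }

def wallet_lookalikes(extensions_json_text, trusted_ids, terms=WALLET_TERMS):
    """Return wallet-branded extensions whose add-on ID is not in trusted_ids."""
    trusted = {i.casefold() for i in trusted_ids}
    flagged = []
    for ext in installed_extensions(extensions_json_text):
        name = normalise(ext["name"])
        if any(t in name for t in terms) and ext["id"].casefold() not in trusted:
            flagged.append(ext)
    return sorted(flagged, key=lambda e: e["id"])

# Constructed sample inventory: IDs and names are placeholders, not real add-ons.
SAMPLE = json.dumps({"addons": [
    {"id": "wallet@vendor.example", "type": "extension", "active": True,
     "version": "12.1.0", "defaultLocale": {"name": "Example Wallet"}},
    # Same branding written with full-width letters, different add-on ID.
    {"id": "{11111111-2222-3333-4444-555555555555}", "type": "extension",
     "active": True, "version": "12.1.0",
     "defaultLocale": {"name": "\uff25xample \uff37allet"}},
    {"id": "adblock@vendor.example", "type": "extension", "active": True,
     "version": "3.4", "defaultLocale": {"name": "Example Blocker"}},
    {"id": "theme@vendor.example", "type": "theme", "active": True,
     "version": "1.0", "defaultLocale": {"name": "Bitcoin Dark"}},
]})

if __name__ == "__main__":
    for ext in wallet_lookalikes(SAMPLE, trusted_ids={"wallet@vendor.example"}):
        print(f"REVIEW {ext['id']} {ext['name']!r} v{ext['version']}")
```

Take the trusted IDs from each wallet vendor's own site rather than from the add-on listing, since the listing is what the clones imitate.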
The immediate effects are significant for individual wallet users, potentially leading to asset losses in cryptocurrencies like Ethereum, Bitcoin, and various altcoins. The ensuing security breach calls for swift community action to protect personal digital assets.
No comprehensive financial impacts have been disclosed by institutions, though the user-level threat remains substantial. Details regarding any institutional measures or reclaim strategies are scarce, leaving the community reliant on individual vigilance.
Potential follow-up actions include further regulatory scrutiny and improved user alerts in the tech ecosystem, aiming to curb similar sophisticated cyber threats. Historical precedents reveal that such attacks, if left unchecked, affect engagement and governance across the broader DeFi space.