A Top-Ranked Extension Turns Toxic
A Chrome extension listed as a leading Ethereum wallet is stealing seed phrases. It carries a clever backdoor that hides the theft inside tiny blockchain transactions. Traders trusted it because it looked clean and ranked high.
The Trap Behind a Friendly Interface
The extension calls itself “Safery: Ethereum Wallet.” It claims secure ETH storage. Socket security researchers found the opposite. When users create or import a wallet, the extension secretly packs the seed phrase into fake Sui-style addresses.
How the Backdoor Sends Your Keys Away
The extension sends tiny SUI transfers using a hard-coded wallet controlled by the attacker. Those microtransactions carry encoded pieces of the seed phrase. Anyone who controls that wallet can decode the data and drain the victim's assets at any moment. The theft hides inside a normal-looking transaction.
Spotting the Red Flags
The extension has no real branding and no reviews, contains grammar errors, and lists a Gmail address for its developer. Users are urged to research tools before installing them, guard their seed phrases, and track even tiny wallet transactions. Small transfers can still signal danger.
Footnotes:
Seed phrase: A group of words that unlocks a crypto wallet.
Sui: A blockchain network used here to conceal data.
Mnemonic: A seed phrase following the BIP-39 standard.


