A malicious browser extension drained your wallet
Fake wallet extensions, compromised extensions, or extensions with excessive permissions can steal your seed phrase, modify transactions, or inject malicious code into websites you visit.
Browser extensions have significant access to your browser activity.
How this attack works
Browser extensions can be granted permission to read and change everything on the pages you visit. A fake wallet extension, a compromised legitimate one, or an over-permissioned utility can capture your seed phrase as you type it, alter transaction details before you sign, or swap addresses shown on the page.
Fake wallet extensions in web stores, and legitimate extensions that get sold or hijacked and pushed as a malicious update, are both common.
Warning signs
- •You installed a wallet or crypto extension from outside the official source.
- •Transaction details or addresses on a site didn't match what you expected.
- •You have extensions with broad permissions you don't recognize or use.
What to do right now
- •Only install extensions from official sources
- •Verify extension publishers carefully
- •Regularly review and remove extensions you don't use
- •Use a separate browser profile for crypto activities
- •Create a brand new wallet after removing suspicious extensions
Not sure this is what happened to you?
Run the 2-minute diagnostic