Crypto Fraud Cases Occurring in Firefox Through Add-ons in the Form of Crypto Wallets

2025-07-03
Crypto Fraud Cases Occurring in Firefox Through Add-ons in the Form of Crypto Wallets

Cybercriminals have launched a sophisticated fraud campaign targeting cryptocurrency users on the Firefox browser by uploading fake wallet extensions to the official Firefox Add-ons store. 

These malicious add-ons, which impersonate trusted wallets like MetaMask, Trust Wallet, and Coinbase Wallet, are designed to steal sensitive data such as seed phrases, enabling attackers to gain full access to victims’ crypto assets.

As crypto adoption continues to grow, so do threats targeting unsuspecting users. This case highlights the critical need for vigilance and secure browsing practices in the Web3 era.

sign up on Bitrue and get prize

How the Scam Works

Researchers at cybersecurity firm Koi Security identified over 40 fraudulent extensions mimicking popular crypto wallets on Firefox. 

These add-ons aren’t just lookalikes—they are cleverly modified versions of legitimate open-source wallets, enhanced with malicious code designed to siphon user data.

The malicious logic includes:

  • Event listeners that monitor input fields for data exceeding 30 characters, typical of seed phrases.

  • Code obfuscation and tricks like zero-opacity warnings to prevent alerts from being seen.

  • Fake branding and real wallet logos to appear legitimate.

  • Hundreds of fake five-star reviews to deceive potential victims into trusting the add-ons.

Once a user enters their seed phrase or wallet credentials, the information is silently transmitted to servers controlled by the threat actors—identified as a Russian-speaking cybercrime group.

Read Also: Best 3 Crypto Wallet for Beginner

What’s at Stake

Theft of a seed phrase is equivalent to handing over the master key to an entire wallet. Unlike traditional banking, crypto transactions are irreversible, and once funds are stolen, recovery is virtually impossible.

Some of the fake extensions detected include impersonations of:

  • MetaMask

  • Trust Wallet

  • Coinbase Wallet

  • Phantom

  • Exodus

  • OKX

  • Keplr

  • MyMonero

These fake wallets have been circulating since at least April, with new ones being added as recently as last week. Despite multiple reports, several remain active in Firefox’s extension marketplace.

Mozilla's Response

Mozilla has introduced an early detection system for crypto scam extensions. It uses automated indicators to flag high-risk submissions. However, the system isn't foolproof—many malicious add-ons still bypass it and reach unsuspecting users.

Koi Security has submitted detailed reports through Firefox’s official channels, but as of this writing, the malicious extensions continue to exist on the platform. Mozilla has yet to release an official statement addressing the issue.

Read Also: Telegram Crypto Scams Surge After Huione Shutdown: What You Need to Know

Protecting Yourself from Add-on Based Crypto Scams

To avoid falling victim to crypto wallet scams in browsers, users should:

  • Only install extensions directly from official wallet websites.

  • Check installation numbers and user reviews—beware of suspiciously high review counts with low installations.

  • Avoid entering seed phrases or private keys in any browser-based interface unless absolutely verified as secure.

  • Use hardware wallets for additional security and seed phrase storage.

  • Keep your browser and extensions updated to benefit from security patches.

Conclusion

The emergence of fake crypto wallet add-ons in Firefox is a stark reminder of the evolving nature of crypto fraud. 

As attackers exploit even trusted platforms like Mozilla’s, crypto users must stay informed, cautious, and skeptical of anything that seems too convenient. 

Until better safeguards are enforced, the responsibility to protect digital assets lies heavily on individual users.

Read Also: Web3 Wallet vs Centralized Exchange: Key Differences, Benefits & Why Bitrue Leads the Hybrid Future

FAQs

What crypto wallets are being impersonated in the Firefox store?

Wallets like MetaMask, Trust Wallet, Coinbase, Phantom, and OKX are among those being faked.

How are the fake extensions stealing crypto?

They monitor for seed phrases and credentials, then send this data to attacker-controlled servers.

Can I recover my funds if my seed phrase is stolen? 

No, once a seed phrase is compromised, the funds can be irreversibly drained.

Has Mozilla taken down these fake add-ons?

Some have been reported, but as of now, several still remain active.

How can I avoid getting scammed?

Always install extensions from official sources and never enter your seed phrase into an unfamiliar extension.

Cryptocrypto-fraud

Disclaimer: The content of this article does not constitute financial or investment advice.

Register now to claim a 1012 USDT newcomer's gift package

Join Bitrue for exclusive rewards

Register Now
register

Recommended

Pakistan Crypto Council: New Rules & Stock Market Crash Impact
Pakistan Crypto Council: New Rules & Stock Market Crash Impact

Pakistan’s Crypto Council signals a big leap into digital finance. With bold moves like a Bitcoin reserve and new rules, growth looks promising, but challenges still loom.

2025-07-09Read
Best Crypto Trading Indicators to Elevate Your Strategy
Best Crypto Trading Indicators to Elevate Your Strategy

Indicators like MA, RSI, MACD, and Bollinger Bands help spot trends, time entries, and manage risk. Combine, backtest, and adapt to market shifts for smarter crypto trades. Use tools like TradingView or Kriptomat to boost your edge.

2025-07-09Read
Sondra Blust & Erome: A Creative Journey Unveiled
Sondra Blust & Erome: A Creative Journey Unveiled

Sondra Blust blends art and advocacy on Erome, sharing bold, high-quality content that inspires creators worldwide, rising from small-town roots to global impact.

2025-07-09Read