40+ Fake Crypto Wallet Extensions Found on Firefox
Security firm Koi uncovers over 40 fake crypto wallet extensions on Firefox, impersonating MetaMask and Coinbase to steal user credentials.

Quick Take
Summary is AI generated, newsroom reviewed.
Over 40 fake wallet extensions were discovered on Firefox, impersonating MetaMask and Coinbase.
A Russian-speaking threat group is reportedly behind the malware campaign.
68% of malware campaigns use cloned software to avoid detection, according to a 2023 study.
Users are advised to install extensions only from verified publishers as per Mozilla’s security guidelines.
Over 40 Fake Crypto Wallet Extensions Found on Firefox, Posing Malware Threat
Security firm Koi has discovered over 40 fake cryptocurrency wallet extensions on Firefox’s plug-in store. These malicious extensions are designed to impersonate major wallets like MetaMask and Coinbase. Their goal is to steal user credentials by luring victims into downloading them.
A report from BleepingComputer confirmed that a Russian-speaking threat group is behind these malicious activities as of July 2, 2025. These fake extensions exploit open-source code by adding harmful logic while mimicking the legitimate design of popular wallet platforms. This tactic aligns with a 2023 Journal of Cybersecurity study, which revealed that 68% of malware campaigns use cloned software to evade detection.
Security Risks and Mitigation Measures
The fake wallet extensions pose significant risks to users by stealing sensitive data. The threat continues to grow due to browser marketplace vulnerabilities, which allow these extensions to persist despite ongoing reports. Mozilla’s 2024 security guidelines advise users to install extensions only from verified publishers to minimize exposure to such risks.
These malicious extensions rely on mimicking legitimate wallet designs, making them harder to detect. It is essential for users to remain vigilant when browsing plug-in stores and ensure they are downloading only from trusted sources.

Follow us on Google News
Get the latest crypto insights and updates.
Related Posts

Bitcoin Whales and Falling Dormant Supply Signal Possible Reversal
Shweta Chakrawarty
Technical Writer

Turkey’s Carbon Market Plan Signals Energy Shift, Possible Crypto Impact
Shweta Chakrawarty
Technical Writer

SharpLink Adds $517M in ETH as OG Whale Sends $10M to Gemini
Shweta Chakrawarty
Technical Writer