
Just when you thought crypto couldn’t make things worse, it’s now wrecking Firefox too. A spike in fake cryptocurrency wallet extensions is plaguing Mozilla’s once-trustworthy browser, and the problem is only growing.
Researchers at Koi Security have discovered an ongoing campaign—active since April—that uploads counterfeit versions of well-known crypto wallets, including Coinbase, MetaMask, and Ethereum, to Firefox’s add-on repository. These look convincing on the surface, built from open-source code with malicious scripts quietly inserted. Their job? Steal credentials and drain legitimate crypto wallets, handing over user data to a group of alleged Russian-speaking hackers.
The attackers are using every trick in the book: real logos, cloned names, polished fake reviews. Despite Mozilla’s efforts to detect malicious extensions automatically, the system seems overrun. Over 40 fake wallet extensions have been identified—some were still live before being purged.
Even as the buzz around NFTs and crypto investing dies down, massive sums remain vulnerable. A single careless click on the wrong extension could mean losing thousands of dollars in unrecoverable digital assets. Mozilla gave a boilerplate response acknowledging the threat, but users should take the situation seriously.
If you rely on crypto tools, don’t trust browser searches or add-on stores blindly. Always go directly to the wallet provider’s official website for downloads. Once your keys are stolen, there’s no customer support to call and no chargeback to issue. In the world of crypto, theft is often permanent—and untraceable.
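One check a defender can run on a suspect wallet add-on, as an added example that is not from the article or from Koi Security: because the fakes are described as open-source wallet code with scripts inserted, comparing the add-on's XPI (a ZIP archive) against a build of the official source shows which files and permissions were added or changed. The sample packages, file names and the `compare_xpi` helper are constructed for illustration.

```python
import hashlib, io, json, zipfile

def _digests(xpi):
    """Map each file in an XPI (a ZIP archive) to its SHA-256 digest."""
    with zipfile.ZipFile(io.BytesIO(xpi)) as z:
        # META-INF/ holds the store signature, absent from a source build.
        return {n: hashlib.sha256(z.read(n)).hexdigest() for n in z.namelist()
                if not n.endswith("/") and not n.startswith("META-INF/")}

def _permissions(xpi):
    """Collect API and host permissions requested in manifest.json."""
    with zipfile.ZipFile(io.BytesIO(xpi)) as z:
        m = json.loads(z.read("manifest.json"))
    return set(m.get("permissions", [])) | set(m.get("host_permissions", []))

def compare_xpi(reference, candidate):
    """Report how a candidate add-on differs from the reference build."""
    ref, cand = _digests(reference), _digests(candidate)
    return {
        "added": sorted(set(cand) - set(ref)),
        "removed": sorted(set(ref) - set(cand)),
        "modified": sorted(n for n in set(ref) & set(cand) if ref[n] != cand[n]),
        "new_permissions": sorted(_permissions(candidate) - _permissions(reference)),
    }

def _build(files):
    """Pack a dict of {path: text} into in-memory XPI bytes (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in files.items():
            z.writestr(name, data)
    return buf.getvalue()

def _manifest(perms):
    return json.dumps({"manifest_version": 2, "name": "Example Wallet",
                       "version": "1.0", "permissions": perms})

# Constructed samples: a clean build and a copy with an extra script,
# a patched popup and a broader permission set.
REFERENCE = _build({"manifest.json": _manifest(["storage"]),
                    "background.js": "console.log('wallet');",
                    "popup.js": "function unlock(p){ return p.length > 0; }"})
CANDIDATE = _build({"manifest.json": _manifest(["storage", "<all_urls>"]),
                    "background.js": "console.log('wallet');",
                    "popup.js": "function unlock(p){ report(p); return p.length > 0; }",
                    "vendor/extra.js": "function report(v){ /* inserted code */ }"})

if __name__ == "__main__":
    for key, value in compare_xpi(REFERENCE, CANDIDATE).items():
        print(f"{key}: {value}")
```

A difference is a lead to review, not proof of tampering: bundled or minified builds only match byte for byte when the official project's build is reproducible.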

