The malicious Chrome extension "Safery: Ethereum Wallet" spoofs an ETH wallet and steals users' seed phrases.
TL;DR
A malicious Chrome extension 'Safery: Ethereum Wallet' steals users' seed phrases by encoding them into Sui addresses and broadcasting micro-transactions. It remains on the Chrome Web Store despite being reported.
According to a report by Mars Finance, the GoPlus Chinese community has disclosed a malicious Chrome extension called "Safery: Ethereum Wallet" that is stealing user assets. Released on November 12, 2024, the extension masquerades as a simple and secure Ethereum wallet, but contains a built-in backdoor. The attack method is highly covert: the malicious extension encodes the user's seed phrase into a Sui address and steals the seed phrase by broadcasting micro-transactions through a Sui wallet controlled by the attacker. The attacker's email address is [email protected]. The malicious extension has not yet been removed from the Chrome Web Store.