Security Researchers Uncovered Dubious “Safery” Crypto Wallet Chrome Store


Blockchain security platform Socket has warned of a new malicious crypto wallet extension in the Google Chrome Web Store that has a unique way of stealing seed phrases to drain user assets.

The extension is called “Safery: Ethereum Wallet” and claims to be a “reliable and secure browser extension designed for easy and efficient management” of Ethereum-based assets.

However, how highlighted in Tuesday’s report from Socket, the extension is indeed proposed steal seed phrase through a clever back door.

“Marketed as a simple, secure Ethereum (ETH) wallet, it contains a backdoor that exfiltrates seed phrases by encoding them into Sui addresses and broadcasting microtransactions from a threat-controlled Sui wallet,” the report said.

Promotional images of Safety Wallet. Source: Chrome Store

Notably, it currently ranks as the fourth search result for “Ethereum Wallet” in the Google Chrome store, just a few spots behind legitimate wallets like MetaMask, Wombat, and Enkrypt.

Chrome save search results. Source: Chrome Store

The extension allows users to create new wallets or import existing ones from elsewhere, posing two potential security risks for users.

In the first scenario, the user creates a new wallet in the extension and immediately sends their initial phrase to the bad actor via a small Sui-based transaction. Since the wallet is compromised from day one, funds can be stolen at any time.

In the second scenario, the user imports an existing wallet and enters their seed phrase and passes it to the scammers behind the extension, who can re-display the information through a small transaction.