Malicious Chrome Extension 'Safery' Steals Ethereum Seed Phrases via Sui Blockchain

First reported

13.11.2025 15:04

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

A fake Chrome extension named 'Safery: Ethereum Wallet' steals users' Ethereum wallet seed phrases by encoding them into Sui addresses and broadcasting microtransactions from a threat actor-controlled Sui wallet. The extension was uploaded to the Chrome Web Store on September 29, 2025, and remains available as of November 13, 2025. The malware avoids traditional command-and-control (C2) servers by embedding seed phrases in blockchain transactions, allowing the attacker to decode and reconstruct the original seed phrases to drain victims' funds. The extension was updated as recently as November 12, 2025, and is still available for download. Users are advised to stick to trusted wallet extensions and scan for mnemonic encoders, synthetic address generators, and hard-coded seed phrases.

Timeline

13.11.2025 15:04 1 articles · 23h ago

Malicious Chrome Extension 'Safery' Steals Ethereum Seed Phrases via Sui Blockchain
A fake Chrome extension named 'Safery: Ethereum Wallet' steals users' Ethereum wallet seed phrases by encoding them into Sui addresses and broadcasting microtransactions from a threat actor-controlled Sui wallet. The extension was uploaded to the Chrome Web Store on September 29, 2025, and remains available as of November 13, 2025. The malware avoids traditional command-and-control (C2) servers by embedding seed phrases in blockchain transactions, allowing the attacker to decode and reconstruct the original seed phrases to drain victims' funds.
Show sources

Fake Chrome Extension “Safery” Steals Ethereum Wallet Seed Phrases Using Sui Blockchain — thehackernews.com — 13.11.2025 15:04
Open in new tab

Information Snippets

The malicious extension 'Safery: Ethereum Wallet' was uploaded to the Chrome Web Store on September 29, 2025.
First reported: 13.11.2025 15:04

1 source, 1 article
Show sources
- Fake Chrome Extension “Safery” Steals Ethereum Wallet Seed Phrases Using Sui Blockchain — thehackernews.com — 13.11.2025 15:04
The extension was updated as recently as November 12, 2025, and remains available for download.
First reported: 13.11.2025 15:04

1 source, 1 article
Show sources
- Fake Chrome Extension “Safery” Steals Ethereum Wallet Seed Phrases Using Sui Blockchain — thehackernews.com — 13.11.2025 15:04
The malware steals wallet mnemonic phrases by encoding them as fake Sui wallet addresses and sending micro-transactions to them from a hard-coded threat actor-controlled wallet.
First reported: 13.11.2025 15:04

1 source, 1 article
Show sources
- Fake Chrome Extension “Safery” Steals Ethereum Wallet Seed Phrases Using Sui Blockchain — thehackernews.com — 13.11.2025 15:04
The threat actor decodes the recipient addresses to reconstruct the original seed phrase and drain victims' funds.
First reported: 13.11.2025 15:04

1 source, 1 article
Show sources
- Fake Chrome Extension “Safery” Steals Ethereum Wallet Seed Phrases Using Sui Blockchain — thehackernews.com — 13.11.2025 15:04
Users are advised to stick to trusted wallet extensions and scan for mnemonic encoders, synthetic address generators, and hard-coded seed phrases.
First reported: 13.11.2025 15:04

1 source, 1 article
Show sources
- Fake Chrome Extension “Safery” Steals Ethereum Wallet Seed Phrases Using Sui Blockchain — thehackernews.com — 13.11.2025 15:04