Malicious Chrome Wallet Exposed in Sophisticated Scheme That Uses Encoded Sui Transactions to Steal Crypto


A Chrome extension masquerading as a legitimate crypto wallet has been exposed in what researchers describe as one of the most technically refined theft campaigns targeting everyday crypto users this year. The extension, discovered ranking highly on the Chrome Web Store under the name "securery – Web3 Wallet", was found siphoning users' funds by injecting encoded Sui blockchain transactions into routine wallet interactions.
The incident highlights a growing trend of malicious attacks via browser-based crypto tools that look polished with excellent reviews, making them hard to differentiate from trusted apps. Security analysts warn that the sophistication of the Sui-encoded payloads marks an escalation in how attackers conceal harmful blockchain actions within harmless-looking user flows.
Malicious Chrome Wallet Reinforces Modern Blockchain Tricks
According to a report from , the Chrome wallet extension was intentionally designed to mimic reputable multi-chain wallets, offering standard features such as asset viewing, transaction prompts, and browser-based signing. But once installed, the tool quietly collected sensitive information, including seed phrases and secret keys.
What sets this Chrome wallet hack apart is the use of deeply encoded transactions. The extension triggered hidden background calls that routed users' approvals into malicious Sui contract networks. Funds were drained automatically while the wallet displayed normal screens, giving victims no visual indication that anything unusual had occurred at the backend.
Researchers noted that the attackers used extremely hidden paired with compact Sui Move transaction bundles, ensuring that neither Chrome nor standard antivirus tools flagged suspicious behavior. In addition, the extension periodically changed communication endpoints to prolong its lifespan before takedown.
This case adds to a broader surge of malicious browser extensions designed to mimic legitimate crypto tools. With Chrome extensions gaining tens of thousands of installs simply by appearing in the top search results, attackers increasingly depend on ranking manipulation rather than social-media phishing pages.
However, the novelty lies in the encoded Sui transaction layer, which allowed the malware to remain blockchain-native, making detection harder compared to traditional phishing extensions that merely forward seed phrases to remote servers.
Security analysts say it demonstrates a shift toward hybrid attacks that combine Web2 deception with Web3-specific technical payloads.
Browser-Based Wallets Remain A Major Risk For Crypto Users
The latest Chrome wallet hack reiterates key risks across the crypto industry, especially as browser continue to be paired with misleading Web Store listings. Cross-chain malware is becoming more technically advanced, leveraging multiple blockchains to hide transaction flows.
Researchers advise users to install wallets only from verified official links, never from search results, and to treat browser extensions as high-risk tools, regardless of the manufacturer. Investigations into the malicious Chrome wallet are ongoing, with the extension expected to be removed from the browser and Chrome expected to strengthen its screening processes for Web3-related listings.







