
Mozilla has ramped up its defenses against crypto theft by actively blocking fraudulent Firefox add-ons designed to drain users’ cryptocurrency wallets.
The move comes in response to a sharp surge in crypto-related scams, which caused global victim losses of nearly $16.6 billion in 2024, according to the FBI.
The Mozilla Add-ons Operations team, led by Andreas Wagner, has been tracking and fighting this threat for years, uncovering hundreds of scam crypto wallet extensions masquerading as legitimate tools on addons.mozilla.org (AMO). These malicious extensions often trick users into entering sensitive credentials such as private keys, which are then used by attackers to immediately siphon off funds, typically irrecoverable once stolen.
Crypto wallet drainers are part of a growing wave of cybercrime targeting individuals through deceptive browser extensions. Unlike phishing emails or malware downloads, these scams rely on users voluntarily installing a malicious extension, believing it to be official software from trusted crypto wallet providers. Once installed, the extension harvests login details or hijacks transactions, resulting in financial loss that can unfold within minutes.
Firefox’s AMO platform offers thousands of browser extensions vetted by a dedicated team to maintain a secure user experience. Recognizing the escalating risk of crypto scams, Mozilla has enhanced its add-on review process with an early detection system. This system combines automated risk profiling with manual human review: when an extension’s risk score crosses a threshold, human reviewers investigate, and if malicious behavior is confirmed, the extension is swiftly blocked.
The specifics of how exactly the system works and what elements contribute to reaching the reviewal threshold were withheld to avoid having threat actors adjusting their code to evade detection.
The FBI’s Internet Crime Complaint Center receives an average of 836,000 online scam complaints per year, reflecting the scale of the challenge. While Mozilla’s detection system marks an important step, the team emphasizes that users must remain vigilant. Wagner advises Firefox users to always verify extensions directly from official crypto wallet websites and, if possible, confirm legitimacy by contacting the wallet service. Even with additional backend defenses, user caution remains critical in safeguarding digital assets.
Leave a Reply