Buy Crypto
Pay with
USD
USD
Buy & Sell
Hot
Supports Visa, Mastercard, SEPA & more
P2P
0 Fees
Flexible trading, zero fees
Gate Card
Use your crypto for payments worldwide
P2P Loan
Grow your wealth in fiat investment
Markets
Trade
Basic
Advanced
Futures
Futures
Access hundreds of perpetual contracts
CFD
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Stocks
CFD
U.S. stock CFD derivatives
US Stocks
Access real US stocks and ETFs
HK Stocks
Trade quality Hong Kong-listed stocks
Korean Stocks
SK Hynix
Real Korean stocks and top assets
Stock Futures
High leverage, 24/7 trading
Tokenized Stocks
Backed by real stock assets
IPO Access
Unlock full access to global stock IPOs
GUSD
Mint GUSD for Treasury RWA yields
Stocks Activities
Trade Popular Stocks and Unlock Generous Airdrops
Earn
Launch
CandyDrop
tag
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
IPO Access
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Investment
Square
Square
Post, share, and explore crypto trends
Live
moments live
Live crypto market analysis
Chat
Chat with crypto traders
News
What is happening in crypto
flower_head
More
Promotions
AI
Others
TradFi
2026 World Cup
Rewards

SlowMist Warns of Fake TronLink Chrome Extension Phishing Attack

CryptoFrontier
Security Incidents

Cryptocurrency security company SlowMist has issued a security alert warning of a high-risk phishing attack targeting TRON (TRX) wallet users, according to a press release from the company. Attackers created a malicious Chrome extension that mimics the official TronLink wallet, using sophisticated spoofing techniques to deceive users into installation. The fake extension steals wallet credentials and transmits them to attackers in real-time.

Attack Method

The malicious extension employs Unicode bidirectional control characters and similar Cyrillic letters to spoof the extension's name, making it nearly identical to the legitimate TronLink wallet extension. The fake extension is listed in the Chrome Web Store and leverages the high download numbers and positive reviews of the official version to appear trustworthy to ordinary users, making detection extremely difficult.

Attack Chain

Once installed, the malicious extension uploads a phishing page via a remote server. This page perfectly replicates the official TronLink web wallet interface. When victims log into their TRON wallet through the fake interface, the extension captures their private keys, keystore files, and passwords. This stolen information is transmitted to the attackers in real-time through a Telegram bot, completing the credential theft chain.

Recommended Actions for TRON Users

SlowMist recommends the following protective measures:

  1. Immediately check and remove any suspicious extensions from unknown sources from your browser
  2. Clear your browser's local storage data to remove any cached credentials
  3. Be aware of unusual network requests that may indicate ongoing phishing attempts
  4. If wallet information has been compromised, immediately create a new wallet and move all assets to a secure address

The security firm emphasizes that users should only download wallet extensions from official sources and verify URLs carefully before entering sensitive information.

View Source
Disclaimer: The information on this page may come from third-party sources and is for reference only. It does not represent the views or opinions of Gate and does not constitute any financial, investment, or legal advice. Virtual asset trading involves high risk. Please do not rely solely on the information on this page when making decisions. For details, see the Disclaimer.

Related News

05-11 09:52
Arkham Intelligence Reveals Investment Fraud Accounts for 49% of Crypto Crimes, Not Hacking, on May 11
05-11 08:54
SlowMist Discovers Malicious Chrome MV3 Extension Targeting TRON Wallet Users on May 11
05-11 08:18
Ink Finance's Workspace Treasury Proxy on Polygon Attacked, Loses $140,000
Related Articles

Crypto firms adopt “algorithm-upgraded” quantum-safe wallets, with multiple companies rolling them out to upgrade before the Bitcoin protocol.

Market Whisper05-11 02:40

Microsoft: Deployed ClickFix on a fake macOS troubleshooting page to steal crypto wallet keys

Market Whisper05-11 02:20

Crypto Wrench Attacks Surge 41% in 2026, Targeting Family Members

Crypto Frontier05-10 16:23

Payward Applies for OCC National Trust Company Charter

Crypto Frontier05-10 11:04

Crypto Wrench Attacks Rise 41% in 2026, Targeting Family Members

Crypto Frontier05-09 15:53
Comment
0/400
TheFeelingOfEthInTheSeaBreezevip
· 05-11 19:24
Forwarded to group members: such high-quality imitation extensions can even deceive veteran users. Be sure to verify the developer's identity and store ratings before installation.
View OriginalReply0
OwlAuthorizationMonitorvip
· 05-11 19:21
Chrome extensions are hard to distinguish real from fake. This time, the TronLink imitation is really aggressive, so I need to remind friends who use TRX not to click on suspicious links.
View OriginalReply0
PatinaTradingBellvip
· 05-11 19:13
SlowMist's warnings are timely, but user education is fundamental; too many people just look at the icon and dare to install plugins.
View OriginalReply0
GateUser-e3701961vip
· 05-11 19:01
Once again, it's Chrome extension phishing. Where exactly is the security boundary of browser wallets?
View OriginalReply0