A malicious Chrome extension named "MEXC API Automator" has been identified as a tool for stealing API keys from users of the cryptocurrency exchange MEXC. According to the Socket Threat Research Team, the extension has been available on the Chrome Web Store since September 1, 2025. It deceptively offers transaction automation features while secretly generating API keys with withdrawal permissions and sending them to a Telegram bot controlled by attackers.
The extension allows attackers to gain full control over victims' MEXC accounts, enabling them to execute transactions, initiate withdrawals, and transfer assets without the users' knowledge. Despite the threat, the extension remains available for download, and the research team has alerted Google to the issue, urging them to remove it from the store.
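A defender-side check for the pattern described above, as an added example that is not taken from the Socket report or from this article: it walks a Chrome profile's `Extensions` directory and flags any extension that both has access to the exchange's pages and ships script referencing the Telegram Bot API. The `mexc.com` and `api.telegram.org` strings, the `<id>/<version>/manifest.json` layout and the function names are assumptions of this sketch, and obfuscated code would not match.

```python
import json
import sys
from pathlib import Path

EXCHANGE_HOST = "mexc.com"        # assumption: domain of the exchange web UI
EXFIL_HOST = "api.telegram.org"   # assumption: Telegram Bot API host appears literally
BROAD = {"<all_urls>", "*://*/*", "https://*/*", "http://*/*"}

def host_patterns(manifest):
    """Collect the match patterns a manifest requests (MV2 and MV3 fields)."""
    patterns = list(manifest.get("host_permissions", []))
    patterns += [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    for script in manifest.get("content_scripts", []):
        patterns += script.get("matches", [])
    return patterns

def touches_exchange(patterns):
    """True if any pattern covers the exchange, explicitly or via a wildcard."""
    return any(EXCHANGE_HOST in p or p in BROAD for p in patterns)

def audit_extensions(extensions_root):
    """Return one finding per extension that can reach the exchange's pages
    and contains a script mentioning the Telegram Bot API host."""
    findings = []
    for manifest_path in sorted(Path(extensions_root).glob("*/*/manifest.json")):
        ext_dir = manifest_path.parent
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if not isinstance(manifest, dict):
            continue
        if not touches_exchange(host_patterns(manifest)):
            continue
        hits = [f.relative_to(ext_dir).as_posix()
                for f in sorted(ext_dir.rglob("*.js"))
                if EXFIL_HOST in f.read_text(encoding="utf-8", errors="ignore")]
        if hits:
            findings.append({"id": ext_dir.parent.name,
                             "name": manifest.get("name", "?"),
                             "scripts": hits})
    return findings

if __name__ == "__main__" and len(sys.argv) > 1:
    for finding in audit_extensions(sys.argv[1]):
        print(finding["id"], finding["name"], ", ".join(finding["scripts"]))
```

A hit is a lead for manual review of the extension, not proof of key theft; any API key created while a flagged extension was installed should be revoked from the exchange's account settings.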
Malicious Chrome Extension Targets MEXC Users, Steals API Keys
