SCAM Alert – Fake OKX Wallet Extension on Firefox Stole My Funds

Hey everyone,

Just a heads-up: I recently downloaded an “OKX Wallet” extension from the Firefox Add-ons Store, thinking it was legit. It had high ratings and good reviews, but that was all fake — most likely pushed up by bots or fake users.

I imported my seed phrase into the extension, thinking it was safe. Within minutes, all my USDC (over $4,000) was drained from my wallet.
This is a scam extension, impersonating the real OKX wallet. It’s designed purely to steal your crypto.

Do you mean this one?

It has 13 Users and 279 Reviews, that’s a HUGE red flag!
Also, it was released 11 days ago by a user registered also 11 days ago - another big red flag.

I wish the addons store had some automatic threat level system, instead of the generic warning message that people learn to ignore (because basically all extensions have it) :frowning: .

There was an article published here recently about this topic:

Yes, this is exactly the extension. Many people have already been scammed one after another. In just one day, I saw many comments from people who had fallen for it, which shows how absurd the community management is. I personally migrated from the Brave browser, and when I switched wallets, I ended up using a fake one. I’m extremely disappointed with the management of the Firefox browser.

I have submitted multiple reports about the scam, but the official team has yet to respond. When I was scammed, there were only 2 one-star reviews. As of now, there are already 42 one-star reviews, which means at least 40 more users have been scammed. So what exactly are the Firefox extension platform managers doing? Why is it that despite my repeated and urgent feedback, no one has taken action to remove this extension? As a result, many more users have fallen victim to the scam.

I was in a hurry and forgot to mention the most important link - for Requesting an addon block (ban)

This goes directly to the dev team, so it’s meant to be used only when you are 100% sure something is bad/dangerous.

I’ve only briefly checked the source code, but I couldn’t find anything obviously malicious (but most of the code is minified, maybe even obfuscated, so I can’t really analyze it well).

Also there is a lot of code, one file has 2MB of minified JS code, that’s ~2 million characters!

But there is one piece of code with Russian comments that sends the user's IP address to some suspicious looking address:

The add-on @juraj.masiar linked in his first comment is no longer available on AMO.

“Oh my god, this plugin has been put back online again. Is there any way to fix this at the source? Another malicious actor has appeared.”

Why post a screenshot and not a link? :upside_down_face:

But yeah, the addon is back under new URL…
Someone should ban the account since it seems to be the same one.

2 Likes

OMG, yet another clone…

I guess the Firefox team will have to implement some new way to identify clones and block them pro-actively, because this could continue forever.

1 Like

Unfortunately these folks are quite persistent. Thanks for flagging these listings!

Well, I’ve checked again and there is already a new one, released 10h ago :smiley: .
This time by a new user that has 4 other addons:

I have a feeling, with modern AI we are entering a new era of malware…

2 Likes
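
An added example, not part of any post in this thread: a triage check over listing metadata for the red flags raised above (more reviews than users, a listing and publisher account of the same age, a wallet brand name used by an unverified publisher). The `Listing` fields, the `VERIFIED_PUBLISHERS` allowlist, and the sample dates and publisher names are assumptions constructed for illustration; this is not an AMO API.

```python
import unicodedata
from dataclasses import dataclass
from datetime import date

# Assumption: brand -> publisher names you have verified yourself (hypothetical values).
VERIFIED_PUBLISHERS = {"okxwallet": {"example-verified-okx-publisher"}}

@dataclass
class Listing:
    name: str
    publisher: str
    users: int
    reviews: int
    released: date
    publisher_registered: date

def normalize(name: str) -> str:
    """Fold case, Unicode compatibility forms and punctuation: 'OKX-Wallet' -> 'okxwallet'."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return "".join(ch for ch in folded if ch.isalnum())

def red_flags(listing: Listing, today: date, new_days: int = 30) -> list[str]:
    flags = []
    # More reviews than users: the first red flag called out in the thread.
    if listing.reviews > listing.users:
        flags.append("reviews_exceed_users")
    # Listing released very recently.
    if (today - listing.released).days <= new_days:
        flags.append("new_listing")
    # Publisher account registered within a day of the release.
    if abs((listing.released - listing.publisher_registered).days) <= 1:
        flags.append("publisher_account_created_for_release")
    # Name carries a known brand, but the publisher is not one verified for it.
    for brand, publishers in VERIFIED_PUBLISHERS.items():
        if brand in normalize(listing.name) and listing.publisher not in publishers:
            flags.append(f"unverified_use_of_brand:{brand}")
    return flags

# Constructed sample: user/review counts and the 11-day ages come from the thread;
# the concrete dates and the publisher name are made up.
TODAY = date(2025, 1, 12)
SAMPLE = Listing("OKX Wallet", "new-account-123", users=13, reviews=279,
                 released=date(2025, 1, 1), publisher_registered=date(2025, 1, 1))

if __name__ == "__main__":
    for flag in red_flags(SAMPLE, TODAY):
        print(flag)
```

Because the name is normalized before matching, a re-upload that only changes spacing, punctuation or uses full-width letters still trips the brand check.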