Last updated on March 4th, 2026 at 02:39 pm
Crypto hackers are refining their tactics, now posing as venture capital firms and hijacking browser extensions to deploy a fast-spreading social engineering attack known as “ClickFix.”
A new report from cybersecurity firm Moonlock Lab reveals that scammers are impersonating fake investment firms such as SolidBit, MegaBit, and Lumax Capital to lure crypto founders and professionals on LinkedIn. The attackers typically initiate contact with partnership offers before directing victims to counterfeit Zoom or Google Meet event pages.
Fake VC firms and the “click-to-compromise” trap
Once on the spoofed meeting page, targets are presented with a fraudulent Cloudflare-style “I’m not a robot” verification box. Clicking it silently copies a malicious command to the victim’s clipboard. The user is then instructed to paste the “verification code” into their system terminal, unknowingly executing malware themselves.
Moonlock Lab describes the ClickFix method as particularly dangerous because it turns victims into active participants in the breach. By manually pasting and running the command, users bypass traditional security safeguards without triggering suspicious downloads or exploits.
The report also names an individual using the alias Mykhailo Hureiev, allegedly presented as co-founder of SolidBit Capital, as a recurring contact point in the scam’s LinkedIn outreach phase. However, researchers warn that the operation frequently rotates identities and infrastructure once exposed.
Compromised Chrome extension targets crypto wallets
In a separate but related campaign, hackers recently hijacked QuickLens, a Chrome extension previously used to perform Google Lens searches within the browser. According to Annex Security founder John Tuckner, the extension changed ownership on February 1 before releasing a malicious update weeks later.
The compromised version, which affected roughly 7,000 users, deployed ClickFix scripts and data-stealing tools. Reports indicate it searched for crypto wallet data and seed phrases while also scraping Gmail inboxes, YouTube accounts, login credentials, and payment details entered into web forms.
Security experts say ClickFix campaigns have expanded beyond crypto, targeting enterprises and public sector organizations globally since at least 2024. In related news, Crypto security firms raised alarms after new data revealed that scammers stole tens of millions of dollars from users in January through address poisoning and signature phishing attacks, with the trend showing no signs of slowing.
Enjoyed this piece? Bookmark DeFi Planet, explore related topics, and follow us on Twitter, LinkedIn, Facebook, Instagram, Threads, and CoinMarketCap Community for seamless access to high-quality industry insights.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”
