XT Blog

ShieldGuard Exposed as Fake Crypto Security Tool for Draining User Data

2026-03-19

Okta has uncovered and helped shut down ShieldGuard, a crypto scam extension disguised as a security browsing tool.

ShieldGuard presented itself as a Web3 protection extension that promised to protect users' wallets from phishing attacks and unsafe transactions. Instead, it stole sensitive crypto data from users.

Source: okta.com

It gained attention through airdrops and referral rewards, encouraging users to download it and invite others. The project even appeared on the Chrome Web Store and built a presence on many social media platforms in order to look legitimate.

However, the investigation found that ShieldGuard had a different purpose. Instead of protecting users, the extension collected wallet addresses and sensitive data from platforms like Binance, Coinbase, MetaMask, OpenSea, Phantom, and Uniswap.

ShieldGuard extracted the data by scanning users’ browsers to detect installed crypto wallets. It then extracted those wallet addresses and sent them to a remote server controlled by the attackers.

In some cases, it also captured full-page data from crypto platforms, including account balances, transaction history, and portfolio details.

Researchers found that ShieldGuard used advanced techniques to avoid detection. Its code was heavily obfuscated and designed to bypass Chrome’s security restrictions. It could even run remote commands from a central server, allowing attackers to control what the extension did after installation.

In addition, the malicious extension tracked users across browsing sessions using unique identifiers. It could also block legitimate websites and replace them with fake warnings, increasing the chances of exploiting users.
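The behaviours described above (reading pages on exchange and wallet sites, blocking page loads, changing behaviour after installation) all depend on access an extension has to declare in its `manifest.json`. The following is an added example, not code from Okta's research or from ShieldGuard: a static triage check a defender could run over an unpacked extension's manifest. The domain list and the mapping from Chrome permission names to behaviours are assumptions of this example, and the sample manifest is constructed.

```javascript
// Added example: static triage of a Chrome extension manifest (not ShieldGuard's code).
// Assumption: domains for the platforms named in the article.
const CRYPTO_HOSTS = ['binance.com', 'coinbase.com', 'metamask.io', 'opensea.io',
                      'phantom.app', 'uniswap.org'];
const BROAD = ['<all_urls>', '*://*/*', 'http://*/*', 'https://*/*'];
// Real Chrome permission names; the behaviour notes are this example's heuristic.
const RISKY = new Map([
  ['scripting', 'can inject code into pages at runtime'],
  ['webRequest', 'can observe network requests'],
  ['declarativeNetRequest', 'can block or redirect page loads'],
  ['tabs', 'can read the URL of every open tab'],
]);

// Extract the host from a match pattern such as "https://*.binance.com/*".
function patternHost(pattern) {
  const m = /^(?:\*|https?|wss?):\/\/([^/]+)\//.exec(pattern);
  return m ? m[1].replace(/^\*\./, '') : null;
}

// True when a match pattern covers one of the listed sites or every site.
function coversCrypto(pattern) {
  if (BROAD.includes(pattern)) return true;
  const host = patternHost(pattern);
  return host !== null &&
    CRYPTO_HOSTS.some(d => host === d || host.endsWith('.' + d));
}

function auditManifest(manifest) {
  const findings = [];
  const scripts = (manifest.content_scripts || []).flatMap(cs => cs.matches || []);
  const hosts = [...(manifest.host_permissions || []),
                 ...(manifest.optional_host_permissions || [])];
  for (const p of new Set(scripts.filter(coversCrypto)))
    findings.push(`content script runs on ${p} (can read full page content)`);
  for (const p of new Set(hosts.filter(coversCrypto)))
    findings.push(`host access to ${p}`);
  // Escalate for manual review only when wallet/exchange pages are reachable.
  const review = findings.length > 0;
  for (const perm of manifest.permissions || [])
    if (RISKY.has(perm)) findings.push(`permission "${perm}": ${RISKY.get(perm)}`);
  return { review, findings };
}

// Constructed sample manifest for illustration; not taken from any real extension.
const sample = {
  manifest_version: 3, name: 'Example Wallet Protector',
  permissions: ['storage', 'scripting', 'declarativeNetRequest'],
  host_permissions: ['<all_urls>'],
  content_scripts: [{ matches: ['https://*.binance.com/*', 'https://app.uniswap.org/*'] }],
};
console.log(auditManifest(sample));
```

A flagged manifest is a prompt for manual review, not a verdict: many legitimate extensions request broad host access, and a clean manifest says nothing about code fetched or enabled after installation.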

Investigators believe the campaign may be linked to Russia. There were also connections to another malicious project called “Radex.”

How ShieldGuard Gained Users' Trust

ShieldGuard drew in users through its free airdrop campaign and crypto rewards for early users. People were encouraged to download the extension and share it on social media to earn more tokens.

This created urgency and trust at the same time. Many users assumed it was safe because it appeared on official platforms and had positive engagement online. So far, Okta has worked with crypto exchanges and companies to shut down the operation.
