CRX aminer
Extension icon

Keplr

Version 0.13.9 View in Chrome Web Store

Last scanned: about 10 hours ago

Extension Details

Developer: KPLR Pte Ltd
Rating: 4.8 ★ (10.9K ratings)
Users: 1,000,000

Context-Aware Verdict

HIGH
Overall Risk
Trust Factors:

Keplr is a well-established cryptocurrency wallet extension with strong user adoption (1 million users) and excellent ratings (4.8/5 stars from 10.9K reviews). The extension is developed by KPLR Pte Ltd, a legitimate company in the blockchain space. The high user base and positive feedback suggest the extension generally functions as intended and has community trust.

Concerns:

The extension's broad permissions create significant security exposure. The combination of identity access, unlimited storage, and universal host permissions (all websites) creates a powerful attack surface. Content script injection across all URLs means the extension can read and modify any webpage content, potentially capturing sensitive information like passwords or financial data. While these permissions may be necessary for a cryptocurrency wallet's functionality, they represent substantial privacy and security risks if the extension were compromised or malicious.

Recommendations:

Given the high-risk permission profile, consider running Keplr in a dedicated Chrome profile isolated from your primary browsing activities. Only use this profile for cryptocurrency-related activities. Regularly review the extension's permissions and updates. Ensure you downloaded it from the official Chrome Web Store and verify the developer. Consider using hardware wallets for significant cryptocurrency holdings instead of browser-based solutions. Monitor your accounts regularly for unauthorized activity and keep the extension updated to the latest version.

Findings

HIGH
Broad Content Script Injection
This extension can inject scripts into any website. This means it could potentially read sensitive data, modify website content, or steal credentials.
HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
HIGH
High-Risk Permission: identity
This extension has the identity permission. Can access your identity information. This could potentially be used maliciously to compromise security or privacy.
MEDIUM
Medium-Risk Permission: activeTab
This extension has the activeTab permission. Can access the active tab when clicking the extension icon.
MEDIUM
Medium-Risk Permission: notifications
This extension has the notifications permission. Can show notifications.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
MEDIUM
Medium-Risk Permission: unlimitedStorage
This extension has the unlimitedStorage permission. Can store unlimited data locally.