Extension Details
Context-Aware Verdict
Keplr is a well-established cryptocurrency wallet extension with strong user adoption (1 million users) and excellent ratings (4.8/5 stars from 10.9K reviews). The extension is developed by KPLR Pte Ltd, a legitimate company in the blockchain space. The high user base and positive feedback suggest the extension generally functions as intended and has community trust.
The extension's broad permissions create significant security exposure. The combination of identity access, unlimited storage, and universal host permissions (all websites) creates a powerful attack surface. Content script injection across all URLs means the extension can read and modify any webpage content, potentially capturing sensitive information like passwords or financial data. While these permissions may be necessary for a cryptocurrency wallet's functionality, they represent substantial privacy and security risks if the extension were compromised or malicious.
Given the high-risk permission profile, consider running Keplr in a dedicated Chrome profile isolated from your primary browsing activities. Only use this profile for cryptocurrency-related activities. Regularly review the extension's permissions and updates. Ensure you downloaded it from the official Chrome Web Store and verify the developer. Consider using hardware wallets for significant cryptocurrency holdings instead of browser-based solutions. Monitor your accounts regularly for unauthorized activity and keep the extension updated to the latest version.
Findings
Security Analysis Details
Required Permissions:
- storage
- notifications
- identity
- idle
- alarms
- unlimitedStorage
- sidePanel
- activeTab
- scripting
Host Permissions:
- http://*/*
- https://*/*
Embedded URLs (468 total):
| https://feross.org | https://feross.org/opensource | |
| https://links.ethers.org/v5-errors- | https://github.com/mobxjs/mobx/blob/main/packages/mobx/src/errors.ts | |
| https://alpha-mainnet.starknet.io | https://alpha-sepolia.starknet.io | |
| https://starknet-mainnet.g.alchemy.com/starknet/version/rpc/ | https://starknet-sepolia.g.alchemy.com/starknet/version/rpc/ | |
| https://starknet.paymaster.avnu.fi | https://sepolia.paymaster.avnu.fi | |
| https://starknet.id/api/identicons/ | https://analytics.keplr.app | |
| https://raw.githubusercontent.com/ | https://raw.githubusercontent.com/chainapsis/phishing-block-list/main/block-list.txt | |
| https://raw.githubusercontent.com/chainapsis/phishing-block-list/main/twitter-scammer-list.txt | https://mainnet-btc-inscriptions.keplr.app | |
| https://testnet-btc-inscriptions.keplr.app | https://signet-btc-inscriptions.keplr.app | |
| https://keplr-api.keplr.app | https://gjsttg7mkgtqhjpt3mv5aeuszi0zblbb.lambda-url.us-west-2.on.aws/osmosis/osmosis-base-fee-beta.json | |
| https://gjsttg7mkgtqhjpt3mv5aeuszi0zblbb.lambda-url.us-west-2.on.aws | https://rpc-cosmoshub.keplr.app | |
| https://lcd-cosmoshub.keplr.app | https://wallet.keplr.app/chains/cosmos-hub | |
| https://wallet.keplr.app/chains/cosmos-hub?modal=staking&chain=cosmoshub-4&step_id=2 | https://rpc-osmosis.keplr.app | |
| https://lcd-osmosis.keplr.app | https://app.osmosis.zone | |
| https://wallet.keplr.app/chains/osmosis?modal=staking&chain=osmosis-1&step_id=2 | https://rpc-secret.keplr.app | |
| https://lcd-secret.keplr.app | https://wallet.keplr.app/chains/secret-network | |
| https://wallet.keplr.app/chains/secret-network?modal=staking&chain=secret-4&step_id=2 | https://rpc-akash.keplr.app | |
| https://lcd-akash.keplr.app | https://wallet.keplr.app/chains/akash | |
| https://wallet.keplr.app/chains/akash?modal=staking&chain=akashnet-2&step_id=2 | https://rpc-crypto-org.keplr.app | |
| https://lcd-crypto-org.keplr.app | https://wallet.keplr.app/chains/crypto-org | |
| https://wallet.keplr.app/chains/crypto-org?modal=staking&chain=crypto-org-chain-mainnet-1&step_id=2 | https://rpc-iris.keplr.app | |
| https://lcd-iris.keplr.app | https://wallet.keplr.app/chains/irisnet | |
| https://wallet.keplr.app/chains/irisnet?modal=staking&chain=irishub-1&step_id=2 | https://rpc-regen.keplr.app | |
| https://lcd-regen.keplr.app | https://wallet.keplr.app/chains/regen | |
| https://wallet.keplr.app/chains/regen?modal=staking&chain=regen-1&step_id=2 | https://rpc-persistence.keplr.app | |
| https://lcd-persistence.keplr.app | https://wallet.keplr.app/chains/persistence | |
| https://wallet.keplr.app/chains/persistence?modal=staking&chain=core-1&step_id=2 | https://rpc-sentinel.keplr.app | |
| https://lcd-sentinel.keplr.app | https://wallet.keplr.app/chains/sentinel | |
| https://wallet.keplr.app/chains/sentinel?modal=staking&chain=sentinelhub-2&step_id=2 | https://rpc-agoric.keplr.app | |
| https://lcd-agoric.keplr.app | https://wallet.keplr.app/chains/agoric | |
| https://wallet.keplr.app/chains/agoric?modal=staking&chain=agoric-3&step_id=2 | https://rpc-cyber.keplr.app | |
| https://lcd-cyber.keplr.app | https://wallet.keplr.app/chains/bostrom | |
| https://wallet.keplr.app/chains/bostrom?modal=staking&chain=bostrom&step_id=2 | https://rpc-juno.keplr.app | |
| https://lcd-juno.keplr.app | https://wallet.keplr.app/chains/juno | |
| https://wallet.keplr.app/chains/juno?modal=staking&chain=juno-1&step_id=2 | https://rpc-stargaze.keplr.app | |
| https://lcd-stargaze.keplr.app | https://wallet.keplr.app/chains/stargaze | |
| https://wallet.keplr.app/chains/stargaze?modal=staking&chain=stargaze-1&step_id=2 | https://rpc-axelar.keplr.app | |
| https://lcd-axelar.keplr.app | https://wallet.keplr.app/chains/axelar | |
| https://wallet.keplr.app/chains/axelar?modal=staking&chain=axelar-dojo-1&step_id=2 | https://rpc-sommelier.keplr.app | |
| https://lcd-sommelier.keplr.app | https://wallet.keplr.app/chains/sommelier |
Raw Manifest
{ "name": "Keplr", "icons": { "16": "assets/icon-16.png", "48": "assets/icon-48.png", "128": "assets/icon-128.png" }, "action": { "default_popup": "popup.html", "default_title": "Keplr" }, "version": "0.13.9", "background": { "service_worker": "background.bundle.js" }, "side_panel": { "default_path": "sidePanel.html" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Keplr is a browser extension wallet for the Inter blockchain ecosystem.", "permissions": [ "storage", "notifications", "identity", "idle", "alarms", "unlimitedStorage", "sidePanel", "activeTab", "scripting" ], "content_scripts": [ { "js": [ "browser-polyfill.js", "contentScripts.bundle.js" ], "run_at": "document_start", "matches": [ "<all_urls>" ], "all_frames": true } ], "host_permissions": [ "http://*/*", "https://*/*" ], "manifest_version": 3, "web_accessible_resources": [ { "matches": [ "<all_urls>" ], "resources": [ "injectedScript.bundle.js" ] }, { "matches": [ "<all_urls>" ], "resources": [ "assets/Inter-SemiBold.ttf" ] }, { "matches": [ "<all_urls>" ], "resources": [ "assets/icon-128.png" ] }, { "matches": [ "<all_urls>" ], "resources": [ "assets/megaphone.svg" ] }, { "matches": [ "<all_urls>" ], "resources": [ "assets/locked-keplr-logo-128.png" ] }, { "matches": [ "<all_urls>" ], "resources": [ "assets/icon-click-cursor.png" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.