Malicious Impersonating Extension "TronLink Pro" Stealing Private Keys & Seed Phrases - Immediate Removal Requested
san tang
Dear Chromium Extensions Team / Chrome Web Store Security Team,
I am writing to urgently report a clearly malicious and impersonating Chrome extension that poses a severe security risk to users, particularly those in the cryptocurrency community.
Fake / Malicious Extension Details:
- Extension Name: TronLink Pro
- Chrome Web Store URL: https://chromewebstore.google.com/detail/tronlink-pro/kekfchafjbmmbdecfepbinjoiceidele
- Extension ID: kekfchafjbmmbdecfepbinjoiceidele
- Developer: Tlinkofficial
- Users: ~140 (as of recent check)
- Last Updated: March 6, 2026
This extension is impersonating the legitimate and official TronLink wallet, whose real extension is:
- Official Name: TronLink
- Official URL: https://chromewebstore.google.com/detail/tronlink/ibnejdfjmmkpcnlpebklmnkoeoihofec
- Developer: Helix Tech Company Limited
- Official Website: https://www.tronlink.org
- Users: 600,000+
The fake extension uses a very similar name ("TronLink Pro") and describes itself as a "TRON wallet companion" with features like viewing balances, tracking tokens, and managing multiple wallets — exactly the kind of functionality that would trick users into believing it's an enhanced/official version.
Critical Security Concern: Extensions of this type (fake crypto wallets) are commonly used to steal users' private keys, seed phrases (mnemonic phrases), and wallet credentials. Once installed, they can:
- Prompt users to import or enter their wallet seed phrases under the guise of "wallet connection" or "backup".
- Inject malicious JavaScript to exfiltrate sensitive data to attacker-controlled servers.
- Result in immediate and irreversible theft of cryptocurrency assets (TRX, TRC-20 tokens, etc.).
This is a classic phishing/malware tactic that has repeatedly targeted popular wallets like MetaMask, TronLink, imToken, etc. Such extensions endanger thousands of users and damage trust in the Chrome Web Store.
Evidence of Impersonation:
- Name is deliberately similar to mislead users searching for "TronLink".
- No affiliation with Helix Tech Company Limited or tronlink.org.
- Low user count and recent update suggest it's a newly pushed scam.
Request: Please immediately investigate this extension for policy violations (impersonation, malware, phishing, deceptive behavior) and remove it from the Chrome Web Store as soon as possible to prevent further harm to users.
I have also reported it via the "Report abuse" / "Flag as inappropriate" button directly on the extension page (categories: Impersonation + Malware/Phishing), and notified the official TronLink team at tron...@tronlink.org so they can file an official trademark/brand complaint.
Thank you for your prompt attention to this serious security issue. Protecting users from credential-stealing extensions is critical.
Best regards,
