Russian Malware Targets ICP, Pressures Cryptocurrency Markets

The malware campaign was revealed by Koi Security, identifying over 40 fake browser wallet extensions imitating popular cryptocurrency wallets. “Our detailed analysis links over 40 fake browser wallet extensions to a coordinated network believed to be operated from Russia,” noted cybersecurity experts at Koi Security. These malicious extensions have targeted cryptocurrency users since April 2025, primarily affecting ICP tokens. No public statements from Internet Computer’s leadership, including CEO Dominic Williams, have been issued in response to the attack.

The financial impact on ICP was immediate and notable, with its price declining 5.18% to $4.8373, dropping below the $5 support level. This contrasts with the broader market, which experienced lesser declines, indicating a direct impact on ICP. The sell pressure on ICP was accompanied by notable volatility, especially during specific sell-off times.

Market responses included significant price fluctuations within the ICP token, compelled by worries around browser wallet security. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has noted increased activities by Russian-speaking cyber actors targeting Western technology and crypto entities. SOL also faced a 3.36% decline, but this was attributed to broader market pressures rather than the malware campaign. Other major cryptocurrencies like Ethereum (ETH) and Bitcoin (BTC) were not directly affected by the malware activity.

Industry experts emphasize the broader security implications of such targeting incidents. Previous attacks have led to short-term price weakness in impacted tokens, yet recovery typically follows once confidence is restored. Despite various risks for Layer 1 and DeFi sectors, the specific threat remains confined to ICP for now.