A malicious Google Chrome extension impersonating the imToken cryptocurrency wallet is actively stealing user seed phrases and private keys. The extension functions as a lightweight redirector, fetching a destination URL from a hardcoded endpoint and sending victims to a homoglyph-obfuscated phishing site designed to harvest wallet recovery secrets.