Malicious Chrome Extension ‘Bull Checker’ Drains Tokens from Solana DeFi Users

A malicious Chrome extension named “Bull Checker” has been discovered targeting users in the Solana DeFi ecosystem, resulting in the theft of tokens over the past week. The decentralized trading platform Jupiter Exchange was the first to identify and flag this harmful extension, warning that it has been responsible for draining tokens from several Solana users’ wallets.

How ‘Bull Checker’ Operated

According to a detailed investigation by Jupiter Exchange, the “Bull Checker” extension initially appeared legitimate, allowing users to interact with decentralized applications (dApps) seamlessly. However, once installed, the extension would covertly modify transactions initiated by the user on official dApp domains. This modification was subtle, with the transaction simulations still appearing “normal” and giving no indication of any malicious activity.

The extension had permissions to read and change data on all websites, which it exploited to transfer tokens to an unauthorized wallet upon transaction completion. The affected users believed they were engaging in regular dApp transactions, only to find their tokens and authority maliciously redirected to another address.

Broader Impact and Community Response

Jupiter Exchange noted that the extension was presented as a ‘read-only’ tool, purportedly designed to allow users to view holders of memecoins. Despite this seemingly benign function, the extension requested the ability to read and write data across all websites, a significant red flag that many users overlooked. Raydium, an automated market maker on the Solana blockchain, also reported that their affected users had installed the Bull Checker extension, confirming its widespread impact within the Solana community.

The malicious extension was heavily promoted on Reddit by an anonymous user, “Solana_OG,” who specifically targeted users interested in trading memecoins, luring them into downloading the extension. This deceptive strategy further facilitated the spread of the harmful tool among unsuspecting users.

Safety Measures and Cautionary Advice

In response to the incident, Jupiter Exchange has outlined several safety measures that users should take to protect themselves from similar threats in the future. These include carefully reviewing the permissions requested by any browser extension before installation and being cautious of any tool that claims to offer enhanced functionality without a clear need for extensive data access.
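
The permission review described above can be partly automated by reading an extension's manifest.json and flagging match patterns that cover every website. The following is an added example, not code from Jupiter Exchange or from the extension itself; the two sample manifests and their names are constructed for illustration.

```javascript
// Added example: flag extension manifests that can read and change data on all sites.
// Chrome match patterns that cover every origin (or every http/https origin).
const BROAD_PATTERNS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

function auditManifest(manifest) {
  const findings = [];
  // Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
  for (const field of ["permissions", "host_permissions", "optional_host_permissions"]) {
    for (const p of manifest[field] || []) {
      if (typeof p === "string" && BROAD_PATTERNS.has(p)) findings.push({ field, pattern: p });
    }
  }
  // Content scripts matched to every page also run inside dApp pages.
  (manifest.content_scripts || []).forEach((cs, i) => {
    for (const p of cs.matches || []) {
      if (BROAD_PATTERNS.has(p)) findings.push({ field: `content_scripts[${i}].matches`, pattern: p });
    }
  });
  return { name: manifest.name || "(unnamed)", allSites: findings.length > 0, findings };
}

// Constructed sample manifests (not taken from any real extension).
const samples = [
  {
    name: "Hypothetical Holder Viewer",
    manifest_version: 3,
    permissions: ["storage"],
    host_permissions: ["<all_urls>"],
    content_scripts: [{ matches: ["*://*/*"], js: ["inject.js"] }],
  },
  {
    name: "Hypothetical Scoped Tool",
    manifest_version: 3,
    permissions: ["storage"],
    host_permissions: ["https://api.example.com/*"],
  },
];

function auditAll(manifests) {
  return manifests.map(auditManifest);
}

for (const r of auditAll(samples)) {
  console.log(`${r.name}: ${r.allSites ? "ALL-SITES ACCESS" : "scoped"}`);
  for (const f of r.findings) console.log(`  ${f.field}: ${f.pattern}`);
}
```

A flagged manifest is not proof of malice, but a tool advertised as view-only that requests all-sites access is the mismatch this incident turned on.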

This incident serves as a stark reminder of the importance of vigilance when interacting with browser extensions, particularly in the rapidly evolving DeFi space where new threats can emerge quickly. Users are urged to uninstall the Bull Checker extension immediately and to review their transaction history for any unauthorized transfers.
