A decentralized exchange aggregator, Jupiter, has identified a new malicious browser extension that has already compromised the wallets of several Solana users. This extension, called “Bull Checker,” is a nefarious Google Chrome add-on that targets Solana users by advertising itself as a tool to view holders of specific memecoins on Reddit.
In an August 20 research post, Jupiter’s pseudonymous founder, Meow, warned that the extension had managed to bypass Solana simulation checks and appeared normal, while it was actually designed to drain users’ funds. The extension would wait until a user interacted with a legitimate decentralized application (DApp) on an official domain before altering the transaction sent to the wallet for signing. Despite these modifications, the simulation results would still show as “normal,” masking the extension’s malicious intent.
Meow also pointed out that the Bull Checker extension asked users to grant permissions to “read and write” data. In contrast, a legitimate wallet-checking extension should only request “read-only” permissions, which should have been a red flag for users. Despite this, several users installed and used the extension, leading to the theft of their tokens when interacting with DApps.
One Reddit user who advertised the extension claimed they had made $3,000 in a week from using it, without providing further details.
Read more: China Supreme Court Updates Anti-Money Laundering Law to Cover Virtual Assets
Jupiter reassured users that no vulnerabilities were found in any major decentralized applications (DApps) or wallets on the Solana network during their investigation. This discovery follows less than two weeks after a Solana-based decentralized futures exchange, Cypher Protocol, halted its smart contract system due to an estimated $1 million exploit.
Additionally, on July 8, Matthias Mende, co-founder of the Dubai Blockchain Center, reported losing over $100,000 in Solana from his Phantom Wallet after participating in a memecoin pre-sale event. The exact method of the hack remains unclear.
Cre: cointelegraph
I’m Jessi Lee, currently living in Singapore. I am currently working as a trader for AZCoin company, with 5 years of experience in the cryptocurrency market, I hope to bring you useful information and knowledge about virtual currency investment.
Email: [email protected]
