On August 20, Jupiter, a decentralized exchange aggregator, exposed a new malicious browser extension designed to target Solana users. Dubbed “Bull Checker,” this rogue extension has already compromised several wallets and evaded detection by appearing harmless.
In a research post shared by Jupiter founder Meow, it was revealed that Bull Checker masquerades as a tool for viewing memecoin holders on Reddit. Users were lured into installing the extension under the pretense of its utility. “If you have this extension (or similar extensions with extensive permissions you cannot trust), please remove it immediately,” Meow advised in an August 19 post on X (formerly Twitter).
According to Meow, the Bull Checker extension bypasses standard Solana simulation checks and appears to function normally. However, it is actually a sophisticated drainer. The extension waits for a user to interact with a legitimate decentralized application (DApp) on an official domain. It then intercepts and modifies the transaction before the wallet signs it. Despite these modifications, the transaction simulation appears normal, concealing the true nature of the extension.
Bull Checker requests permissions to “read and write” data, a clear red flag, as legitimate wallet-checking extensions should only require “read-only” access. Despite this warning, many users continued to install and use the extension. Consequently, their tokens could be maliciously transferred to another wallet upon transaction completion.
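The permission red flag described above can be checked during an extension audit. This is an added example, not code from Jupiter's research or from the extension itself; it assumes the "read and write" prompt corresponds to host match patterns in a Chrome-style `manifest.json`, and the manifests, function names and domains are constructed for illustration.

```python
# Added example: flag host access that exceeds an extension's stated purpose.
# Only declared host patterns are checked; the code an extension runs is not.
HOST_KEYS = ("permissions", "host_permissions",
             "optional_permissions", "optional_host_permissions")

def host_patterns(manifest):
    """Collect every host match pattern the manifest declares."""
    pats = []
    for key in HOST_KEYS:  # MV2 mixes hosts into "permissions"; MV3 separates them
        pats += [p for p in manifest.get(key, [])
                 if isinstance(p, str) and ("://" in p or p == "<all_urls>")]
    for script in manifest.get("content_scripts", []):
        pats += script.get("matches", [])
    return list(dict.fromkeys(pats))  # de-duplicate, keep order

def pattern_host(pattern):
    """Host part of scheme://host/path; '*' means every host."""
    if pattern == "<all_urls>":
        return "*"
    return pattern.split("://", 1)[1].split("/", 1)[0]

def in_scope(host, expected_domains):
    """True if the host stays inside one of the domains the tool claims to need."""
    if host.startswith("*."):
        host = host[2:]
    return any(host == d or host.endswith("." + d) for d in expected_domains)

def audit(manifest, expected_domains):
    """Return (severity, pattern) findings for host access beyond expected_domains."""
    findings = []
    for pat in host_patterns(manifest):
        host = pattern_host(pat)
        if host == "*":
            findings.append(("all-sites", pat))      # can read and change any page
        elif not in_scope(host, expected_domains):
            findings.append(("out-of-scope", pat))   # unrelated to stated purpose
    return findings

# Constructed manifests (hypothetical; not the real Bull Checker manifest).
BROAD_TOOL = {"manifest_version": 3, "permissions": ["storage"],
              "host_permissions": ["<all_urls>"],
              "content_scripts": [{"matches": ["https://*.reddit.com/*",
                                               "https://*/*"], "js": ["c.js"]}]}
SCOPED_TOOL = {"manifest_version": 3, "permissions": ["storage"],
               "host_permissions": ["https://www.reddit.com/*"]}
MIXED_TOOL = {"manifest_version": 2,
              "permissions": ["https://*.reddit.com/*", "https://*.example.org/*"]}

if __name__ == "__main__":
    for name, m in [("broad", BROAD_TOOL), ("scoped", SCOPED_TOOL), ("mixed", MIXED_TOOL)]:
        print(name, audit(m, ["reddit.com"]))
```

An empty result only means the declared host access matches the stated purpose; it says nothing about what the extension does on the pages it can reach.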
One Reddit user promoting the malicious extension claimed to have made $3,000 in the past week using it, though no specific details were provided. Jupiter’s investigation found no vulnerabilities in major decentralized applications or wallets on the Solana network itself.
The discovery of Bull Checker comes amid other recent security issues in the Solana ecosystem. Less than two weeks prior, the Cypher Protocol, a Solana-based decentralized futures exchange, halted its smart contract system following an estimated $1 million exploit. Additionally, on July 8, Matthias Mende, co-founder of the Dubai Blockchain Center, revealed he was a victim of a hack where over $100,000 in Solana was stolen from his Phantom Wallet after participating in a memecoin presale event. Mende has yet to determine how the hack occurred.
The emergence of the Bull Checker extension underscores the need for vigilance in the crypto space. Users are advised to be cautious of browser extensions requesting extensive permissions and to regularly review their security practices. As the Solana ecosystem navigates these security challenges, maintaining awareness and implementing robust protective measures remain crucial for safeguarding digital assets.