The decentralized trading platform Jupiter Exchange has published a report revealing the theft of tokens from Solana DeFi users via a Chrome browser extension called Bull Checker.
Closing the Vulnerability
Jupiter Exchange has confirmed that the issue lies with the Bull Checker extension, not any vulnerability within the wallets or dApps themselves. After installation, the extension waits for the user to interact with a dApp on an official domain, modifying the transaction so that the final result appears normal, though the tokens actually get transferred to another wallet.
Targeting Solana Traders
The investigation revealed that the Bull Checker extension was targeting Solana memecoin traders. The Reddit account Solana_OG promoted this extension, luring traders to install it to steal their assets. Examples of affected transactions showed that the extension added malicious instructions to legitimate Jupiter and Raydium commands, leading to the unauthorized transfer of tokens to a malicious address.
Precautionary Measures
Jupiter Exchange strongly recommends removing such extensions with extensive permissions. Users should use only trusted tools and carefully review the permissions requested by the extensions to protect their assets.
Users should be cautious when installing extensions and review their permissions carefully to avoid losing their assets.
Comments