- Problem Detection
- How the Malicious Extension Works
- Recommendations for Users
Decentralized trading platform Jupiter Exchange has detected a malicious Chrome extension called 'Bull Checker' targeting Solana users and stealing money from their wallets.
Problem Detection
Jupiter Exchange reported that Solana DeFi users’ wallets were stolen thanks to a malicious plugin called 'Bull Checker.' According to the report, the 'Bull Checker Chrome Extension' targeted several users on Solana DeFi-related subreddits.
How the Malicious Extension Works
The extension allowed users to interact with decentralized applications (dApps) as usual, and their transactions appeared completely normal. However, after the users' transactions were completed, the malicious 'Bull Checker Chrome Extension' transferred the tokens from their wallets to another wallet without the users' permission and knowledge.
Recommendations for Users
Jupiter stated that the issue was solely caused by the Bull Checker Chrome Extension, while assuring users that no vulnerabilities were found in Solana’s major dApps or wallets.
> "Last week, we received reports that a small number of users using Solana DeFi had their accounts deleted. After extensive investigation, we discovered a malicious Chrome extension called 'Bull Checker' targeting users on various Solana-related subreddits. If you have this plugin (or similar plugins with extensive permissions that you cannot trust), please remove them immediately. It should be noted that there are no security vulnerabilities in any of the Dapps or wallets. Be careful and do not install plugins that can read/write data unless you are really sure."
In his latest post, Jupiter stated that he had resolved the issues with the token service and announced that he had completely restored the token service.
