- “Bull Checker” Chrome extension is stealing Solana tokens by bypassing detectors and altering transactions. Beware of suspicious permissions.
- Jupiter warns users of “Bull Checker” for Solana. This extension misleads users with false safety while draining their wallets.
- Recent Solana exploits, including the “Bull Checker” extension, highlight growing security risks. Users must verify extension permissions.
Decentralized exchange aggregator Jupiter has identified a new threat in crypto. The malicious Google Chrome extension, known as “Bull Checker,” has drained the wallets of several Solana users. This extension can bypass detectors and pose serious risks to unsuspecting users.
Extension’s Malicious Tactics Unveiled
In a post on August 20, Jupiter founder Meow revealed the extension’s modus operandi. Marketed on Reddit as a tool to view holders of specific memecoins, Bull Checker promised valuable insights. However, it has been proven to be a drainer designed to steal funds from users’ wallets.
Moreover, Bull Checker managed to evade detection by passing Solana simulation checks. The extension appears normal but alters transactions before they are signed. Consequently, users see the simulation as harmless while their tokens are transferred to unauthorized addresses.
Jupiter’s August 19 warning on X highlighted the danger of granting extensive permissions. Bull Checker requested permissions to “read and write” data, while legitimate extensions only ask for “read-only” access. This discrepancy should have raised a red flag. Nonetheless, some users continued to install and use the extension, risking their assets.
Additionally, the extension’s malicious actions were evident when users interacted with regular decentralized applications (DApps). Despite normal simulation results, Bull Checker modified transactions to facilitate unauthorized transfers. This deceptive behavior resulted in losses for those affected.
Ongoing Security Concerns and Precautions
One Reddit user claimed to have made $3,000 in a week using the extension, though no details were provided. In the wake of this discovery, Jupiter assured that no vulnerabilities were found in major Solana DApps or wallets during their investigation.
This issue follows recent security breaches in the Solana ecosystem. Cypher Protocol, a decentralized futures exchange, halted its smart contract system after a $1 million exploit. Furthermore, Matthias Mende of the Dubai Blockchain Center lost over $100,000 in Solana to a similar exploit.
In response, Jupiter Exchange has urged users to remove any extensions with extensive, untrusted permissions. This precaution will help protect assets from malicious attacks. On a related note, the CBOE removed the 19b-4 application from its website at the SEC’s request, reducing the chances of a Solana ETF.
disclaimer read moreCrypto News Land, also abbreviated as "CNL", is an independent media entity - we are not affiliated with any company in the blockchain and cryptocurrency industry. We aim to provide fresh and relevant content that will help build up the crypto space since we believe in its potential to impact the world for the better. All of our news sources are credible and accurate as we know it, although we do not make any warranty as to the validity of their statements as well as their motive behind it. While we make sure to double-check the veracity of information from our sources, we do not make any assurances as to the timeliness and completeness of any information in our website as provided by our sources. Moreover, we disclaim any information on our website as investment or financial advice. We encourage all visitors to do your own research and consult with an expert in the relevant subject before making any investment or trading decision.
