"Bull Checker" Chrome extension is stealing Solana tokens by bypassing detectors and altering transactions. Beware of suspicious permissions.
Jupiter warns users of "Bull Checker" for Solana. This extension misleads users with false safety while draining their wallets.
Recent Solana exploits, including the "Bull Checker" extension, highlight growing security risks. Users must verify extension permissions.
Decentralized exchange aggregator Jupiter has identified a new threat in crypto. The malicious Google Chrome extension, known as "Bull Checker," has drained the wallets of several Solana users. This extension can bypass detectors and pose serious risks to unsuspecting users.
Extension's Malicious Tactics Unveiled
In a post on August 20, Jupiter founder Meow revealed the extension's modus operandi. Marketed on Reddit as a tool to view holders of specific memecoins, Bull Checker promised valuable insights. However, it has been proven to be a drainer designed to steal funds from users’ wallets.
Moreover, Bull Checker managed to evade detection by passing Solana simulation checks. The extension appears normal but alters transactions before they are signed. Consequently, users see the simulation as harmless while their tokens are transferred to unauthorized addresses.
Jupiter's August 19 warning on X highlighted the danger of granting extensive permissions. Bull Checker requested permissions to “read and write” data, while legitimate extensions only ask for “read-only” access. This discrepancy should have raised a red flag. Nonetheless, some users continued to install and use the extension, risking their assets.
https://twitter.com/JupiterExchange/status/1825600323320434830
Additionally, the extension's malicious actions were evident when users interacted with regular decentralized applications (DApps). Despite normal simulation results, Bull Checker modified transactions to facilitate unauthorized transfers. This deceptive behavior resulted in losses for those affected.
Ongoing Security Concerns and Precautions
One Reddit user claimed to have made $3,000 in a week using the extension, though no details were provided. In the wake of this discovery, Jupiter assured that no vulnerabilities were found in major Solana DApps or wallets during their investigation.
This issue follows recent security breaches in the Solana ecosystem. Cypher Protocol, a decentralized futures exchange, halted its smart contract system after a $1 million exploit. Furthermore, Matthias Mende of the Dubai Blockchain Center lost over $100,000 in Solana to a similar exploit.
In response, Jupiter Exchange has urged users to remove any extensions with extensive, untrusted permissions. This precaution will help protect assets from malicious attacks. On a related note, the CBOE removed the 19b-4 application from its website at the SEC’s request, reducing the chances of a Solana ETF.
The post Crypto Alert: Bull Checker Extension Bypasses Detectors and Steals Solana Tokens appeared first on Crypto News Land.
