Jupiter Exchange, a decentralized trading platform, recently published a report revealing how the Chrome extension Bull Checker has been stealing tokens from Solana DeFi users. The extension targeted users on Solana DeFi-related subreddits and allowed them to interact with decentralized applications normally. However, after transactions were completed, the extension would transfer tokens to another wallet without the user’s knowledge. Jupiter Exchange confirmed that the issue is solely due to the Bull Checker extension and not a vulnerability within the wallets or dApps themselves.
The extension was presented as a read-only tool for viewing memecoin holders, yet it had permissions to read and modify data across all websites. Its users overlooked this major red flag, which led to the theft of tokens. Jupiter Exchange advised users to remove the extension immediately if they have it installed. The malicious behavior of the extension was identified following reports of users losing tokens while using Solana DeFi.
The investigation revealed that the Chrome extension targeted Solana memecoin traders and that the Reddit account Solana_OG was involved in publicizing it. Users were lured into downloading the extension, whose purpose was to steal their assets. Examples of affected transactions showed that Bull Checker added malicious instructions to legitimate Jupiter and Raydium transactions, leading to the unauthorized transfer of tokens to a malicious address. Raydium, a DeFi protocol, confirmed that at least one affected user was using the Bull Checker extension.
Jupiter Exchange advised users to protect their assets by also removing other, similar extensions with extensive, untrusted permissions. Separately from this incident, the CBOE removed the 19b-4 application from its website at the SEC’s request, reducing the possibility of a Solana ETF in the market. The Bull Checker incident highlights the importance of being cautious when using browser extensions with extensive permissions and of ensuring the security of digital assets in the DeFi space.
In conclusion, the recent incident involving the Bull Checker Chrome extension serves as a reminder of the potential risks associated with using browser extensions in the DeFi space. Users should exercise caution when interacting with such tools and be vigilant about the permissions granted to them. By following the advice of platforms like Jupiter Exchange and removing extensions with extensive, untrusted permissions, users can take proactive steps to protect their assets and prevent potential token theft. It is crucial to stay informed about security threats in the cryptocurrency space and prioritize the safety of digital assets.
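The red flag described above, a "read-only" tool holding permission to read and modify data on all websites, can be checked for in an extension's manifest.json. The following is an added example, not code from Jupiter Exchange's report; the function names and sample manifests are constructed, and the directory scan assumes Chrome's `Extensions/<id>/<version>/manifest.json` profile layout.

```python
import json
from pathlib import Path

# Match patterns that grant access to every site (Chrome match-pattern syntax).
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def broad_host_access(manifest: dict) -> list[str]:
    """Return 'key: pattern' findings for all-sites access in a manifest."""
    findings = []
    # MV2 puts host patterns in "permissions"; MV3 uses "host_permissions".
    for key in ("permissions", "host_permissions",
                "optional_permissions", "optional_host_permissions"):
        for value in manifest.get(key, []):
            if isinstance(value, str) and value in BROAD_PATTERNS:
                findings.append(f"{key}: {value}")
    # Content scripts are injected into every page their "matches" cover.
    for script in manifest.get("content_scripts", []):
        for pattern in script.get("matches", []):
            if pattern in BROAD_PATTERNS:
                findings.append(f"content_scripts.matches: {pattern}")
    return findings

def audit_extensions(extensions_dir: Path) -> dict[str, list[str]]:
    """Map each manifest path under a profile's Extensions dir to findings."""
    report = {}
    for manifest_path in sorted(extensions_dir.glob("*/*/manifest.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, do not crash
        findings = broad_host_access(manifest)
        if findings:
            report[str(manifest_path)] = findings
    return report

# Constructed sample: a "read-only viewer" that nonetheless asks for all sites.
SAMPLE_VIEWER = {
    "manifest_version": 3,
    "name": "example-holder-viewer",
    "permissions": ["storage"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}],
}
# Constructed sample: the same tool scoped to the one site it needs.
SAMPLE_SCOPED = dict(SAMPLE_VIEWER, host_permissions=["https://example.com/*"],
                     content_scripts=[{"matches": ["https://example.com/*"]}])

if __name__ == "__main__":
    print(broad_host_access(SAMPLE_VIEWER))
```

A finding is a prompt to review the extension, not proof of malice: many legitimate extensions request all-sites access, so the question is whether the stated purpose justifies it.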