Solana DeFi users have fallen victim to a malicious Chrome extension named “Bull Checker,” leading to unauthorised transfers of crypto assets from their crypto wallets. The extension, disguised as a tool for viewing namecoin holders, exploited users by gaining extensive permissions to read and modify all data on websites they visited.
After a week-long investigation by Jupiter Research and Offside Labs, it was discovered that the extension manipulated transaction data on legitimate platforms like Jupiter and Raydium. Users unknowingly signed transactions that included malicious instructions, resulting in their funds being transferred to an unknown crypto wallet.
In particular, the investigators reported that two specific examples of transactions that interacted with this malicious extension have been identified. The transactions were initially processed through legitimate platforms such as Jupiter and Raydium. However, additional malicious instructions were added to the transactions, which users unknowingly signed, resulting in the unauthorised transfer of their tokens.
The first transaction, identified by the code 5UMucMksJweA1AtgyxrK8DJeBXr3DQGEGRs5Kkq2pZjr, and the second, identified by 5krgaq2FTZA…, both involved the unauthorised transfer of funds to a wallet controlled by the exploiter. The extension’s ability to bypass standard security checks and execute malicious transactions has raised significant concerns within the Crypto community.
The dApp developers behind the Raydium and other Solana have urged users to remove the “Bull Checker” extension immediately. Experts emphasise that the breach was due to the malicious extension, not vulnerabilities within the Solana dApps or wallets. Security companies like Blowfish are working on new features to protect users from such threats in the future.
For now the Solana crypto community is advised to review and remove any suspicious browser extensions to safeguard their assets.
Read also: SEC Expresses Concerns Over Solana Spot ETF, Approval Process Halted: Bad News