Malicious Browser Extension Targets Solana Users, Drains Wallets
Jupiter, a decentralized exchange aggregator, has discovered a new malicious browser extension targeting Solana users.
Named “Bull Checker,” this Google Chrome extension has already compromised several wallets and is adept at evading detection systems.
In a research update on August 20, the anonymous founder of Jupiter, known as Meow, reported that Bull Checker falsely presents itself as a tool to track memecoin holders. Despite appearing legitimate and passing Solana’s simulation tests, the extension is actually designed to siphon funds from user wallets.
Meow noted that the extension asks for broad permissions, including “read and write” data access. This is a significant red flag, as legitimate wallet-checking extensions should only require “read-only” permissions. Once installed, Bull Checker manipulates transactions during interactions with decentralized applications (DApps), making them appear normal while redirecting funds to another wallet.
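One way to check an extension for this red flag, as an added example that is not from Jupiter's report: the script below inspects an extension's manifest.json for match patterns that grant access to every site, which Chrome presents at install time as permission to read and change data on all websites. The two manifests and the function names are constructed for illustration and are not Bull Checker's actual manifest.

```javascript
// Added example; the manifests below are constructed samples, not Bull Checker's own.
// Match patterns that grant an extension access to every site.
const BROAD_PATTERNS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Host entries are "<all_urls>" or scheme://host/path; API names like "storage" are not.
function isHostPattern(entry) {
  return entry === "<all_urls>" || /^(\*|https?|wss?|ftp|file):\/\//.test(entry);
}

function collectHostPatterns(manifest) {
  const found = [];
  // Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
  const keys = ["permissions", "host_permissions", "optional_permissions", "optional_host_permissions"];
  for (const key of keys) {
    for (const entry of manifest[key] || []) {
      if (typeof entry === "string" && isHostPattern(entry)) found.push({ source: key, pattern: entry });
    }
  }
  // Content scripts run inside every page their "matches" patterns cover.
  for (const script of manifest.content_scripts || []) {
    for (const entry of script.matches || []) found.push({ source: "content_scripts", pattern: entry });
  }
  return found;
}

function auditManifest(manifest) {
  const hosts = collectHostPatterns(manifest);
  const broad = hosts.filter((h) => BROAD_PATTERNS.has(h.pattern));
  return {
    name: manifest.name || "(unnamed)",
    broadAccess: broad.length > 0, // true when any pattern covers all sites
    findings: broad.map((h) => `${h.source}: ${h.pattern}`),
    scopedHosts: hosts.filter((h) => !BROAD_PATTERNS.has(h.pattern)).map((h) => h.pattern),
  };
}

// Constructed sample manifests: one with all-site access, one scoped to a single host.
const broadSample = {
  manifest_version: 3, name: "Sample Holder Tracker", permissions: ["storage"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["*://*/*"], js: ["inject.js"] }],
};
const scopedSample = {
  manifest_version: 3, name: "Sample Scoped Viewer", permissions: ["storage"],
  host_permissions: ["https://api.example.com/*"],
};
for (const m of [broadSample, scopedSample]) {
  const r = auditManifest(m);
  console.log(`${r.name}: ${r.broadAccess ? "REVIEW" : "ok"}`, r.findings);
}
```

A flagged manifest is a prompt for manual review rather than proof of malice, since many legitimate extensions also request all-site access.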
Additionally, a Reddit user promoting the malicious extension claimed to have earned $3,000 in a week, though details were sparse. Jupiter confirmed that its investigation found no security flaws in Solana’s major DApps or wallets.
The discovery comes shortly after a major exploit at Cypher Protocol, a Solana-based futures exchange, which recently paused operations following a $1 million hack. Moreover, Matthias Mende of the Dubai Blockchain Center reported losing over $100,000 in Solana from his Phantom Wallet due to a similar exploit during a memecoin presale. Mende has not yet identified how the hack occurred.