A new malicious browser extension, dubbed “Bull Checker,” has already affected several Solana users by emptying their wallets. The extension, which can even slip past security systems, was identified by decentralized exchange aggregator Jupiter.
Users are urged to remove the extension
In a research note, Jupiter’s pseudonymous founder Meow warned about the dangers of the Bull Checker extension. This extension, which specifically targeted Solana users on Reddit, presented itself as a tool to check holders of several memecoins. Jupiter urged users to immediately remove the extension if they had it installed.
According to Meow, Bull Checker was able to pass Solana’s simulation checks and appeared to function normally, when in reality it was designed to steal funds from users’ wallets. “Once installed, Bull Checker waits for the user to interact with a regular decentralized application (DApp) on an official domain, then modifies the transaction before sending it to the wallet for signing. The simulation results still appear normal, thus concealing the malicious activity,” Meow explained.
Red flag when installing the extension
The extension asked users for permission to “read and write” data, which should have been a red flag according to Meow. A legitimate wallet control extension should only ask for “read-only” permissions. Yet, multiple users continued to install and use the extension, with dire consequences.
A Reddit user promoting the malicious extension claimed to have made $3,000 in a week, without providing any details.
No vulnerabilities found in key applications within Solana network
Jupiter stressed that during their research, no vulnerabilities were discovered in the main decentralized applications or wallets within the Solana network.
The discovery of the Bull Checker extension comes shortly after Solana-based futures exchange Cypher Protocol was forced to shut down its smart contract system due to an exploit that caused an estimated $920,000 in damages.
In a related incident, Matthias Mende, co-founder of Dubai Blockchain Center, reported that he was hacked and over €92,000 worth of Solana was stolen from his Phantom Wallet after attending a memecoin presale event. Mende said he still doesn’t know how exactly the hack happened.
Source: https://newsbit.nl/kwaadaardige-browserextensie-rooft-solana-wallets-leeg/
