A malicious ‘bull debugger’ chrome extension targeting Solana users has been discovered

A malicious 'bull debugger' chrome extension targeting Solana users has been discovered


Decentralized exchange aggregator Jupiter says it has identified a new malicious browser extension. The extension has drained the wallets of many Solana users and can even bypass identifiers.

In the year In an August 20 research post, Jupiter founder Mew “Bull Checker” — a malicious Google Chrome browser extension — was targeting Solana users on Reddit, advertising itself as an extension to check all owners of certain memecoins.

Source: Jupiter

“Please remove this extension (or similar extensions if you have extensive permissions) immediately,” Jupiter wrote in an Aug. 19 post to X.

The Meow extension was able to pass Solana's simulation checks and “looked normal” but was actually a drain designed to steal money from users' wallets.

okex

“After installing Bull Checker, it waits for the user to connect to the normal DApp on the public domain before updating to sign the transaction sent to the wallet. After updating, the simulation result still looks ‘normal' and doesn't look like a drain,” explained Meow.

Meow requires users of the Bull Checker extension to accept “read and write” permissions, saying that any legitimate wallet checking extension should only request ‘read-only' permissions.

“This should have been a major red flag for users, but apparently many users continue to install and use the extension,” he said.

8eb1144b69509fff96685690ac0fae24cadb3fcf

The “Bull Checker” extension has requested permission to read and write data. Source: Jupiter

“Users with this extension will interact with DApps as usual, the simulation will appear as normal, but when the transaction is completed, there is a possibility that their tokens will be maliciously transferred to another wallet,” he added.

Related: Solana ETF ‘still in play' despite Cboe filing removed – VanEck exec

One of the users who posted the malicious extension on Reddit said last week that they used it to make $3,000 without providing any further details.

Jupiter assured users that no vulnerabilities were found in major decentralized applications (DApps) or wallets on the Solana network during their investigation.

The discovery of the “Bull Checker” extension comes less than two weeks after Solana-based decentralized futures exchange Cipher Protocol shut down its smart contract system due to an estimated $1 million exploit.

Meanwhile, on July 8, Matthias Mende, founder of the Dubai Blockchain Center, told Cointelegraph that a hacker stole more than $100,000 in Solana (SOL) after participating in memecoin. Pre-sale event.

Mende said he still does not know how the abduction happened.

Magazine: 5 risks to be aware of when entering Solana memecoins

Pin It on Pinterest