A critical alert has been issued to users of Solana-based decentralized finance (DeFi) platforms about a malicious Chrome extension named “Bull Checker.” The warning came from Jupiter, a prominent decentralized exchange aggregator on the Solana blockchain, after it worked with cybersecurity experts and the community.
Alert for Solana Community
Jupiter’s research team, alongside Offside Labs and community moderators, discovered that “Bull Checker” was responsible for unauthorized transfers of tokens from user wallets. The team investigated reports of unusual token drains and found that the Chrome extension, purportedly designed to show memecoin holders, was altering transaction data instead.
The extension works by intercepting interactions with legitimate dApps on the official domain and modifying the transaction data sent to wallets for signature. Although the transactions appear normal in simulations, they have been tampered with to send tokens to an attacker’s wallet. The malicious code goes undetected during standard transaction simulations, which makes the extension particularly deceptive.
After a technical assessment, it became evident that the mechanisms used by “Bull Checker” were sophisticated. The extension could swap the wallet adapter’s signing method with its own, sending transactions to a remote server for manipulation before user approval. This was confirmed by scrutinizing specific transaction instances where malicious instructions altered routine transactions, leading to unauthorized token transfers.
The malicious extension’s process involved monitoring the victim’s SOL balance during simulation, executing covert transactions, and obscuring unauthorized activities. Initially promoted by an anonymous Reddit account targeting memecoin traders, the extension managed to infiltrate numerous users’ devices.
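Because the extension replaces the signing method, the transaction a dApp builds and the one that comes back signed can differ. As an added example (not code from Jupiter, Offside Labs or any wallet), this JavaScript check compares the two instruction lists before the dApp submits anything; the decoded transaction shape, the helper names and every key shown are assumptions constructed for illustration.

```javascript
// Added example: hypothetical helper names; every key and data value is a constructed placeholder.

// Canonical string for one instruction: program, ordered account metas, data.
function fingerprint(ix) {
  const metas = ix.accounts.map(
    (a) => `${a.pubkey}:${a.isSigner ? 's' : '-'}${a.isWritable ? 'w' : '-'}`
  );
  return [ix.programId, metas.join(','), ix.dataHex].join('|');
}

// Writable accounts are the ones a transaction can debit or credit.
function writableAccounts(tx) {
  const keys = new Set();
  for (const ix of tx.instructions)
    for (const a of ix.accounts) if (a.isWritable) keys.add(a.pubkey);
  return keys;
}

// Compare what the dApp built with what came back from the signing call.
function compareTransactions(built, returned) {
  const findings = [];
  const n = Math.max(built.instructions.length, returned.instructions.length);
  for (let i = 0; i < n; i++) {
    const b = built.instructions[i];
    const r = returned.instructions[i];
    if (!r) findings.push({ index: i, kind: 'removed', programId: b.programId });
    else if (!b) findings.push({ index: i, kind: 'added', programId: r.programId });
    else if (fingerprint(b) !== fingerprint(r))
      findings.push({ index: i, kind: 'changed', programId: r.programId });
  }
  const before = writableAccounts(built);
  const newWritable = [...writableAccounts(returned)].filter((k) => !before.has(k));
  return { tampered: findings.length > 0, findings, newWritable };
}

// Constructed sample: a swap as built, and the same swap with one instruction appended.
const acct = (pubkey, isSigner, isWritable) => ({ pubkey, isSigner, isWritable });
const user = acct('USER_WALLET', true, true);
const swap = { programId: 'DEX_PROGRAM', accounts: [user, acct('POOL_ACCOUNT', false, true)], dataHex: '0a01' };
const extraTransfer = { programId: 'SYSTEM_PROGRAM', accounts: [user, acct('UNKNOWN_ACCOUNT', false, true)], dataHex: '02ff' };
const builtTx = { instructions: [swap] };
const returnedTx = { instructions: [swap, extraTransfer] };
```

A wallet that legitimately appends its own instructions would need those allowlisted before every finding is treated as tampering.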
The investigation revealed the potential existence of other harmful extensions with comparable functions, underscoring the importance of caution when installing extensions. Blowfish’s new security feature, SafeGuard, helps prevent simulation spoofing attacks and is being adopted by multiple Solana wallets, adding a layer of protection against such exploits.
Currently, Solana is trading at $146.67.