• Solana users reported having their funds drained mysteriously.
• A Chrome extension promoted on Reddit was a disguised crypto drainer, stealing funds by manipulating transactions.

As a seasoned researcher with years of experience in the crypto sphere, I’ve seen my fair share of scams and hacks. However, the recent incident involving the Bull Checker extension has left me more than just a little concerned.


Warning to users: Be cautious of a suspicious Chrome extension named Bull Checker, which is disguised as a decentralized exchange (DEX) aggregator for memecoins. This malware has been found to target Solana-based DeFi users and steal their assets once installed.

In a recent post, Jupiter, a platform used by many in the Solana DeFi ecosystem, examined the cause of repeated hack-like incidents it had been seeing. It identified the culprit: a harmful Chrome extension called “Bull Checker.” This malicious tool had been quietly targeting users across various Solana-related subreddits. Its creators advertised the extension on Reddit, enticing users with promises of easy earnings in the thousands.

Extension-Based Wallet Drainer Attacking Solana Users

Source: Jupiter

The article went on to say, “Users who use this extension will engage with dApps as usual, but they may find that their tokens are secretly transferred to another wallet after a transaction is completed due to potential malicious activity.” It also warned, “If you have this extension (or any other extensions with extensive permissions that you cannot vouch for), it’s advisable to uninstall it promptly.”

Bull Checker Asked for Permission to Change Data, Manipulated Transactions and Routed Funds to Exploiter’s Wallet

Upon installation, the Bull Checker extension requested authorization to both read and modify user data, which should have alerted users to its potential manipulative capabilities. Regrettably, many users failed to notice this request. It’s important to know that trustworthy extensions only ask to access data and do not make any changes. Once granted the ability to modify data, Bull Checker was found to fraudulently alter recipient addresses in crypto transactions, directing funds from transfers to a malicious actor’s wallet. More troubling, this crypto drainer passed all simulation tests and went undetected as a tool created and used by ill-intentioned parties.

According to an extensive report penned by the enigmatic figure behind Jupiter, known as Meow, Bull Checker is designed to function as a read-only browser extension, enabling users to inspect the holders of memecoins. It’s essential to note that this tool shouldn’t be capable of reading or writing data on all websites. Furthermore, Meow cautions those engaging with offerings advertised in online forums: “Don’t blindly trust something simply because it was mentioned on Reddit or other platforms and has garnered numerous upvotes. The practices of astroturfing and social engineering are genuine threats.”
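The all-sites permission check described above can be run against an extension's `manifest.json` before trusting it. This is an added example, not code from Jupiter's post or from this article: the manifest keys are Chrome's own, while the function names and the two sample manifests are constructed for illustration.

```python
import json

# Chrome match patterns that cover every site.
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Manifest keys that may carry host patterns (MV2 puts them in "permissions").
HOST_KEYS = ("permissions", "optional_permissions",
             "host_permissions", "optional_host_permissions")

def all_site_grants(manifest: dict) -> list[str]:
    """List every place a manifest asks for access to all websites."""
    found = []
    for key in HOST_KEYS:
        for perm in manifest.get(key, []):
            if isinstance(perm, str) and perm in ALL_SITES:
                found.append(f"{key}: {perm}")
    # A content script matched to every page runs inside each site's DOM,
    # where it can read and rewrite what the page shows or submits.
    for i, script in enumerate(manifest.get("content_scripts", [])):
        for pattern in script.get("matches", []):
            if pattern in ALL_SITES:
                found.append(f"content_scripts[{i}].matches: {pattern}")
    return found

def audit(manifest_text: str) -> dict:
    """Parse one manifest.json and report its all-site access requests."""
    manifest = json.loads(manifest_text)
    grants = all_site_grants(manifest)
    return {"name": manifest.get("name", "?"), "flag": bool(grants), "grants": grants}

# Constructed sample manifests (hypothetical, not taken from any real extension).
NARROW = json.dumps({
    "manifest_version": 3, "name": "Holder Viewer (sample)",
    "permissions": ["storage"],
    "host_permissions": ["https://api.example.com/*"],
})
BROAD = json.dumps({
    "manifest_version": 3, "name": "Holder Viewer Pro (sample)",
    "permissions": ["storage", "scripting"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}],
})

if __name__ == "__main__":
    for text in (NARROW, BROAD):
        print(audit(text))
```

A flagged result is a prompt to ask whether the extension's stated purpose needs that reach; a tool that only displays token holders does not need access to every site.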

 


2024-08-21 15:41