Solana-based decentralized exchange aggregator, Jupiter, has issued a critical warning about a malicious Chrome extension called “Bull Checker” that has been draining the wallets of Solana users. The warning follows numerous reports from Solana DeFi users who had their crypto wallets compromised.
The extension, allegedly promoted on Reddit by an anonymous user known as “Solana_OG,” was advertised as a tool for viewing holders of specific meme coins. However, when users interacted with decentralized applications (dApps) on Solana, the extension injected malicious instructions into transactions, redirecting users’ funds to a different address.
Deceptive Extension Slips Past Security Checks
Jupiter’s founder, Meow, highlighted the extension’s ability to bypass Solana’s drainer checks, making it even more dangerous. The “Bull Checker” extension requested unnecessary permissions, such as the ability to “read and change all data” on websites—a significant red flag that many users overlooked.
“Users with this extension would interact with the dApps as usual, but their tokens could be maliciously transferred to another wallet upon transaction completion,” Meow explained.
Community Urged to Remain Vigilant
Despite the removal of “Bull Checker” from the Chrome Web Store, Jupiter is urging the Solana community to remain cautious. Users are advised to uninstall any similar extensions that demand extensive permissions and to be wary of tools promoted on platforms like Reddit.
Jupiter reassured users that no vulnerabilities were found in the major Solana dApps or wallets during their investigation. However, the incident underscores the need for heightened vigilance, as attackers continue to exploit social engineering tactics to target crypto users.