Memecoins, Reddit, and Hackers: A Triangle of Deception Has Appeared in the World of Solana

How to lose money by trusting your interlocutor.

Jupiter Research has published the results of an investigation into an incident in which some users of DeFi applications on the Solana platform lost their funds. The culprit of the data leak was the malicious Bull Checker browser extension. The plugin was aimed at users actively participating in discussions on several Solana-related subreddits.

The Bull Checker extension was presented as a tool for viewing memecoin holders and was supposed to perform purely data-reading functions. In practice, however, the plugin gained access to all the information on the sites visited by users and could change it. Users may not have noticed anything suspicious when working with decentralized applications (dApps), but after the transaction was completed, the tokens may have been transferred to another wallet.

Bull Checker asks for permissions to read and modify data on websites

It is important to note that no vulnerabilities have been identified in any of the dApps or wallets. The problem was solely with the malicious extension, which silently added additional commands to normal transactions, leading to the loss of control over the tokens.

Specific transactions were detected in which malicious instructions were injected into standard operations on the Jupiter and Raydium platforms. The extension waited for the user to interact with the dApp on the official domain, after which it modified the transaction sent to the wallet for signing. Users signed such transactions without suspecting that they included commands to transfer tokens to another address.

The extension targeted memecoin traders and was promoted on Reddit by an anonymous "Solana_OG" account that lured users to install malicious software.

Example of promoting a plugin on Reddit

Users are urged to remove the Bull Checker extension and any other extensions with suspiciously broad permissions immediately. It is important to remember that any extension that requests access to read and modify data on all sites should raise serious suspicions. You should not trust programs and extensions based only on positive reviews on Reddit or other platforms.
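
The permission check recommended above can be automated. The following is an added example, not code from the original post or from Jupiter Research: it scans unpacked extension manifests for host access to all sites, using the standard WebExtension manifest keys. The function names, directory layout and sample manifests are constructed assumptions.

```python
import json
import tempfile
from pathlib import Path

# Match patterns that give an extension access to every site the user visits.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def broad_host_access(manifest: dict) -> dict:
    """Return {manifest key: [all-site patterns]} for keys granting all-site access."""
    found = {}
    # MV2 lists host patterns under "permissions"; MV3 uses "host_permissions".
    for key in ("permissions", "host_permissions", "optional_host_permissions"):
        hits = [p for p in manifest.get(key, []) if isinstance(p, str) and p in BROAD]
        if hits:
            found[key] = hits
    # A content script matched on every page can read and rewrite what the page shows.
    hits = {m for cs in manifest.get("content_scripts", [])
            for m in cs.get("matches", []) if m in BROAD}
    if hits:
        found["content_scripts.matches"] = sorted(hits)
    return found

def audit_extensions(root: Path) -> dict:
    """Scan each manifest.json under root; return {relative dir: findings}."""
    report = {}
    for path in sorted(root.rglob("manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, keep auditing
        if isinstance(manifest, dict) and (found := broad_host_access(manifest)):
            report[path.parent.relative_to(root).as_posix()] = found
    return report

# Constructed sample manifests, not taken from any real extension.
SAMPLES = {
    "sample-holder-viewer": {"manifest_version": 3, "host_permissions": ["<all_urls>"],
                             "content_scripts": [{"matches": ["*://*/*"], "js": ["c.js"]}]},
    "sample-scoped-tool": {"manifest_version": 3, "host_permissions": ["https://example.com/*"]},
}

def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        for name, manifest in SAMPLES.items():
            (Path(tmp) / name).mkdir()
            (Path(tmp) / name / "manifest.json").write_text(json.dumps(manifest))
        return audit_extensions(Path(tmp))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

To audit a real browser, pass the profile's extensions directory to `audit_extensions`. A flagged extension is not necessarily malicious, but it holds the same read-and-modify access described above and deserves a closer look.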
