- A malicious Chrome extension called “Bull Checker” has been targeting Solana users, draining funds by altering transactions while posing as a meme coin tracker.
- Users are urged to uninstall suspicious extensions and remain cautious of recommendations on platforms like Reddit.
Solana (SOL) users are on high alert following reports of a malicious browser extension known as “Bull Checker” targeting Reddit communities. Disguised as a meme coin tracker, this deceptive Chrome extension has been siphoning funds from unsuspecting users’ wallets while evading detection.
How the Scam Works
Over the past week, Meow, the pseudonymous founder of Jupiter, a prominent Solana decentralized finance (DeFi) platform, reported several incidents in which Solana users experienced unauthorized token drains. A detailed investigation identified the “Bull Checker” extension as the culprit. The extension specifically targeted users frequenting Solana-related subreddits, exploiting their interest in meme coins.
The extension appeared harmless, enabling users to interact seamlessly with decentralized apps (dApps). However, behind the scenes, it secretly altered transactions, redirecting tokens to unauthorized wallets without the users’ knowledge. According to Jupiter’s founder, the security issue wasn’t in the dApps or wallets themselves, but in the permissions granted to the malicious extension.
The Trap: Trusting a Read-Only Extension
The “Bull Checker” extension was marketed as a read-only tool meant to display meme coin holdings—a feature that shouldn’t require excessive permissions. Yet, many users still granted the extension the ability to read and write data across websites, allowing it to execute fraudulent transactions.
Once installed, the extension waited for users to interact with legitimate dApps, altering transaction data before it was signed by the wallet. The transaction would still appear normal during simulations, concealing its true intent as a drainer.
The Role of Social Engineering
The investigation found that the extension was promoted by an anonymous Reddit account named “Solana_OG.” This account specifically targeted meme coin traders, luring them into downloading the extension through cleverly crafted posts and comments.
Meow issued a stern warning, emphasizing the need for skepticism when encountering recommendations on platforms like Reddit. Even posts with many upvotes or positive comments can be part of astroturfing campaigns aimed at spreading malicious software.
Protecting Yourself from Malicious Extensions
Jupiter’s founder advises users to immediately uninstall “Bull Checker” or any other extensions with excessive permissions that seem suspicious. Extensions requesting the ability to read and modify all website data should be treated with extreme caution. The founder also noted that while “Bull Checker” has been identified, there may be other similar scams targeting Solana users.
For crypto users, this serves as a crucial reminder to be vigilant when installing browser extensions. Always verify the source and consider whether the permissions requested align with the extension’s intended purpose. In the world of decentralized finance, where transactions are often irreversible, a single mistake can lead to significant financial loss.