Crypto Exchange Jupiter has identified a malicious chrome extension, “Bull Checker” after the trading platform received complaints from users using Solana DeFi that got drained over the last weeks.
The notorious chrome extension was found to have attacked users on many Solana-focused subreddits, and had the permission to read and change all the data on the website, as a potential cause.
Jupiter informed users saying, “Users with this extension would interact with the dApps as per normal, have the simulation show up as normal, but have the possibility of their tokens being maliciously transferred to another wallet upon transaction completion.”
Advertisement
The crypto platform showed two instances of how the attack was carried out, and found that malicious instructions were added to regular Jupiter and Raydium instructions. Even the next transaction was signed by the user in a regular manner. However, this time the tokens and authority was transferred to the malicious address.
As per the technical report of the attack, “Bull Checker” was publicised by an anonymous Reddit account, “Solana_OG”. The attacker specifically targeted users looking to trade memecoins, and coerced them to download the extension.
The crypto trading platform has asked users to remove any intruding extension with detailed permissions.
Jupiter added, “Note that there is no vulnerability found in any of the dapps or wallets.”
The crypto exchange teamed up with the CEO and Founder of Offside Labs to get an extensive technical report on the matter, and has also advised users about Blowfish’s latest security feature, ‘SafeGuard’ that prevents all simulation spoofing attacks.
Advertisement
Also Read: Jupiter’s community vote to shape Jupuary’s future