Sunday , November 24 2024
Home / Crypto news / Extension-Based Wallet Drainer Attacking Solana DeFi Users

Extension-Based Wallet Drainer Attacking Solana DeFi Users

Summary:
DeFi users on Solana reported having their funds drained mysteriously. A Chrome extension promoted on Reddit was a disguised crypto drainer, stealing funds by manipulating transactions. Jupiter, a DEX (decentralized exchange) aggregator, warned users of a new malware packaged as a Chrome-based extension called Bull Checker. It was advertised to serve the purpose of showing all the holders of any memecoin. Solana-based DeFi users who installed the extension reported having their assets stolen. As Jupiter’s user base interacting with the Solana DeFi ecosystem voiced similar incidents, it dug deep to find the source of the hacks. In an X post, it revealed the findings. “After extensive investigation, we have identified a malicious Chrome extension called “Bull Checker” that had targeted

Topics:
Suraj Manohar considers the following as important: , , ,

This could be interesting, too:

Chayanika Deka writes Sui Network Suffers Outage Due to Bug in Transaction Scheduling Logic

Chayanika Deka writes Sky (Formerly Maker) Announces USDS’s Debut on Solana Blockchain

Wayne Jones writes VanEck Europe Enables SOL Staking for its M Solana ETN

Chayanika Deka writes Solana-Based Pump.fun Sells 40,000 SOL Worth .68M in Latest Transaction: Data

  • DeFi users on Solana reported having their funds drained mysteriously.
  • A Chrome extension promoted on Reddit was a disguised crypto drainer, stealing funds by manipulating transactions.

Jupiter, a DEX (decentralized exchange) aggregator, warned users of a new malware packaged as a Chrome-based extension called Bull Checker. It was advertised to serve the purpose of showing all the holders of any memecoin. Solana-based DeFi users who installed the extension reported having their assets stolen.

As Jupiter’s user base interacting with the Solana DeFi ecosystem voiced similar incidents, it dug deep to find the source of the hacks. In an X post, it revealed the findings. “After extensive investigation, we have identified a malicious Chrome extension called “Bull Checker” that had targeted users on several Solana-related subreddits.” Those behind the extension advertised the malicious product on Reddit, luring users in by claiming to make thousands of dollars with it.

Extension-Based Wallet Drainer Attacking Solana DeFi Users

Source: Jupiter

The post continued, “Users with this extension would interact with the dApps as per normal, have the simulation show up as normal, but have the possibility of their tokens being maliciously transferred to another wallet upon transaction completion.” It added, “If you have this extension (or similar extensions with extensive permissions you cannot trust), please remove it immediately.”

Bull Checker Asked for Permission to Change Data, Manipulated Transactions and Routed Funds to Exploiter’s Wallet

Bull Checker, upon installation, asked users for permission to read and change data, which should have tipped users off. However, many did not notice. Extensions safe for use ask to read data and nothing more. By allowing Bull Checker to alter data, it manipulates recipient addresses on transactions, sending funds from crypto transfers to a bad actor’s wallet. The concerning part is that the crypto drainer passed all simulation checks and could not be identified as a tool developed and used by nefarious entities.

In a detailed report published by Jupiter’s pseudonymous founder, who goes by Meow, wrote, “Bull Checker is supposed to be a read-only extension that allows you to view the holders of memecoins. There should be no need for an extension like this to read or write data on all websites.” They also offered words of advice to those interacting with offerings promoted in online communities, “Do not trust something just because someone mentioned it on Reddit or other media and it has many upvotes. Astroturfing and social engineering are very real.”

Leave a Reply

Your email address will not be published. Required fields are marked *