Crypto Exchange Jupiter has identified a malicious chrome extension, “Bull Checker” after the trading platform received complaints from s using Solana DeFi that got drained over the last weeks.
The notorious chrome extension was found to have attacked s on many Solana-focused subreddits, and had the permission to read and change all the data on the website, as a potential cause.
Jupiter informed s saying, “s with this extension would interact with the dApps as per normal, have the simulation show up as normal, but have the possibility of their tokens being maliciously transferred to another wallet upon transaction completion.”
The crypto platform showed two instances of how the attack was carried out, and found that malicious instructions were added to regular Jupiter and Raydium instructions. Even the next transaction was signed by the in a regular manner. However, this time the tokens and authority was transferred to the malicious address.
As per the technical report of the attack, “Bull Checker” was publicised by an anonymous Reddit , “Solana_OG”. The attacker specifically targeted s looking to trade memecoins, and coerced them to the extension.
The crypto trading platform has asked s to remove any intruding extension with detailed permissions.
Jupiter added, “Note that there is no vulnerability found in any of the dapps or wallets.”
The crypto exchange teamed up with the CEO and Founder of Offside Labs to get an extensive technical report on the matter, and has also advised s about Blowfish’s latest security feature, ‘SafeGuard’ that prevents all simulation spoofing attacks.
Also Read: Jupiter’s community vote to shape Jupuary’s future
