A new malicious browser extension called “Bull Checker” targets Solana users on Reddit by masquerading as a meme coin tracker.
This extension evades detection systems and has drained the wallets of Solana users.
Targeted Solana users
Last week, Jupiter founder pseudonym Meow reported that some Solana DeFi users experienced unauthorized token drains. Through extensive research with partners, they traced the issue back to “Bull Checker,” which had targeted users on several Solana-related subreddits.
This extension allowed users to interact normally with decentralized applications (dApps), but secretly transferred tokens to unauthorized wallets after the transaction was completed. Jupiter’s founder emphasized that no vulnerabilities were found in dApps or wallets.
They urged users to remove the “Bull Checker” extension or any similar extension with extensive permissions that they cannot immediately trust.
Bull Checker is designed as a read-only extension meant to display meme coin holders. Ideally, this extension should not require permission to read or write data on all websites, which should have raised concerns for users. Despite this, several users proceeded to install and use it.
Once installed, Bull Checker waits until a user interacts with a standard dApp on its official domain, then modifies the transaction before signing it with the wallet. The modified transaction still looks “normal” in the simulation, hiding its true intent as a drain.
While researching the Chrome extension, Jupiter’s founder also discovered that it was promoted by an anonymous Reddit account, “Solana_OG.” This individual appeared to target users looking to exchange meme coins and lured them into downloading the extension.
Keep an eye out for red flags
Meow issued a strong warning to users, stressing the importance of skepticism when encountering recommendations on Reddit or other media platforms, regardless of how many upvotes or positive comments they receive.
The founder highlighted the dangers of “astroturfing and social engineering,” where bad actors can manipulate public perception to spread harmful tools like the “Bull Checker” extension. They also added that extensions that ask for extensive permissions, such as the ability to read and modify all website data, should be treated with extreme caution.
“Although we have identified one malicious extension, there could still be other malicious extensions. There have been reports of other drains that we have not been able to locate. If you suspect an extension contains malware, especially if they have both “read” permissions ” as in “change”, uninstall it immediately.
SPECIAL OFFER (Sponsored) Binance Free $600 (Exclusive to CryptoPotato): Use this link to register a new account and receive an exclusive welcome offer of $600 to Binance (full details).
2024 LIMITED OFFER on BYDFi Exchange – Up to $2888 Welcome Reward, Use this link to register and open a 100 USDT-M position for free!
Bitcoin 
Ethereum 
Tether 
BNB 
Solana 
USDC 
XRP 
Lido Staked Ether 
Dogecoin 
Toncoin 
TRON 
Cardano 
Avalanche 
Wrapped stETH 
Wrapped Bitcoin 
Shiba Inu 
WETH 
Bitcoin Cash 
Chainlink 
Polkadot 
LEO Token 
Dai 
Uniswap 
NEAR Protocol 
Litecoin 
Kaspa 
Wrapped eETH 
Internet Computer 
Artificial Superintelligence Alliance 
Sui 
Pepe 
Aptos 
Monero 
First Digital USD 
Stellar 
POL (ex-MATIC) 
Ethereum Classic 
Ethena USDe 
Bittensor 
OKB 
Stacks 
Immutable 
Cronos 
Filecoin 
Aave 
Render 
Injective 
Arbitrum 
Mantle 
Hedera