Key Insights:
- “Bull Checker” Chrome extension manipulates transactions and drains wallets while evading Solana’s security checks.
- Malicious browser extensions exploit Solana users, causing increased concerns about financial losses.
- Jupiter urges users to uninstall risky extensions, asking for excessive permissions to protect cryptocurrency transactions.
A new threat has emerged for Solana users. A malicious Chrome browser extension, “Bull Checker,” has been discovered to drain the funds of unsuspecting individuals. This extension has been reported to infiltrate Solana wallets by evading security checks and preying on users interacting with decentralized applications (DApps) on the Solana network.
Decentralized exchange aggregator Jupiter was among the first to warn users about this threat. In an August 20 research post, pseudonymous founder Meow confirmed that the “Bull Checker” extension had targeted several Solana users, promoting itself as a tool to monitor holders of specific memecoins on Reddit. The extension cleverly bypassed Solana’s drainer checks and posed as a legitimate wallet-checking tool while being designed to steal funds.
Stealth Tactics and Warnings for Users
According to Jupiter’s investigation, the “Bull Checker” extension operated by requesting permissions beyond the necessary “read-only” access for legitimate extensions. Users were asked to grant “read and write” access, which should have raised alarms. However, many users proceeded with installation despite this warning sign, unknowingly opening themselves up to theft.
Meow provided insight into the malicious extension’s workings, explaining that it manipulated transactions during regular interactions with official DApps. These transactions appeared normal, even passing Solana’s simulation checks, which typically serve to detect any suspicious modifications.
The extension would then wait for the user to engage with a legitimate DApp, intercept the transaction, and maliciously alter it to transfer its tokens to another wallet without raising red flags in the simulation.
Jupiter urged users who had installed “Bull Checker” or any similar extension to uninstall it immediately. The exchange emphasized that extensions asking for more permissions than necessary should not be trusted, especially when dealing with cryptocurrency transactions.
Growing Security Concerns in the Solana Ecosystem
This discovery adds to a growing list of security incidents within the Solana ecosystem. Less than two weeks earlier, decentralized futures exchange Cypher Protocol paused its operations following a $1 million exploit. The frequency of these attacks has raised concerns among Solana users about the safety of their assets on the network.
Despite this latest security breach, Jupiter clarified that the “Bull Checker” incident did not expose any inherent vulnerabilities in Solana’s major decentralized applications or wallets. Instead, the issue stemmed from a malicious browser extension that capitalized on user trust and manipulated transactions through subtle, deceptive methods.
However, the attack has created unease among users, particularly those involved in DeFi and memecoin trading, who are now questioning the security of the tools and extensions they rely on for monitoring their assets.
Failed Transactions and Rising Costs on Solana
The security breach involving “Bull Checker” is not the only issue plaguing the Solana ecosystem. Data has shown a significant rise in failed transactions on Solana’s Jupiter aggregator. The platform processed 10.31 million transactions, with a failure rate of 83%, amounting to 8.56 million failed attempts. These failures resulted in substantial costs for users, as they are charged fees even when transactions are unsuccessful.
One user on X (formerly Twitter), identified as Dave, pointed out that users had been charged an average of $6,334.4 USD for these failed transactions. This has led to further concerns regarding the role of validators and bots in the network. When transactions fail, users often increase their slippage tolerance to avoid repeated failures, but this makes them vulnerable to front-running bots that can exploit liquidity before transactions are completed.
Dave expressed concern over these issues:
“The only people winning are validators, bots, or RPC endpoint operators that can see transactions before they are put on-chain.”
This has fueled discussions within the Solana community about the network’s current state and the transaction process’s fairness, especially as failed transactions continue to rise.
Tokenhell produces content exposure for over 5,000 crypto companies and you can be one of them too! Contact at info@tokenhell.com if you have any questions. Cryptocurrencies are highly volatile, conduct your own research before making any investment decisions. Some of the posts on this website are guest posts or paid posts that are not written by Tokenhell authors (namely Crypto Cable , Sponsored Articles and Press Release content) and the views expressed in these types of posts do not reflect the views of this website. Tokenhell is not responsible for the content, accuracy, quality, advertising, products or any other content or banners (ad space) posted on the site. Read full terms and conditions / disclaimer.
