A malicious Chrome extension called “Bull Checker” is targeting Solana users and stealing their tokens.
The Danger of “Bull Checker”
Jupiter, a popular Solana decentralized exchange, along with cybersecurity experts and community members, uncovered the malicious nature of “Bull Checker.” The extension, advertised as a tool to view memecoin holders, actually manipulates transactions to transfer tokens to an attacker’s wallet.
Here’s how it works:
- The extension waits for you to interact with a legitimate Solana app.
- It then modifies the transaction you’re about to sign, adding instructions to send your tokens to the attacker.
- The simulation looks normal, but the actual transaction is compromised.
A Sophisticated Attack
The attackers behind “Bull Checker” used a clever trick to hide their malicious code. They replaced the wallet’s signing method with their own, which sends the unsigned transaction to a remote server. This server adds the token-stealing instructions before sending it back to you for approval.
This means you might see a transaction that looks perfectly normal, but it’s actually sending your tokens to the attacker.
How to Protect Yourself
- Be cautious about any Chrome extension that requests broad permissions. Especially those that interact with your wallet or financial transactions.
- Verify the legitimacy of any extension before installing it.
- Don’t install extensions from untrusted sources.
New Security Measures
To combat these types of attacks, Blowfish has released a feature called SafeGuard. This feature helps prevent simulation spoofing attacks and is being adopted by many Solana wallets.
This is a good step towards improving security on the Solana blockchain, but it’s important to stay vigilant and protect yourself.
Remember, if it sounds too good to be true, it probably is. Don’t fall for scams or malicious extensions. Always do your research and be cautious with your digital assets. /p>
