Solana DeFi User Funds Exfiltrated Due to Malicious Chrome Extension: Hack Alert
Solana DeFi users fell victim to a malicious Chrome extension called “Bull Checker” that caused their crypto assets to be transferred from their crypto wallets without their permission. Disguised as a tool to view Namecoin holders, the extension exploited users by gaining broad permissions to read and modify all data on the websites the users visited.
A week-long investigation by Jupiter Research and Offside Labs revealed that the extension manipulated transaction data on legitimate platforms such as Jupiter and Raydium. Users unknowingly signed transactions containing malicious instructions, which resulted in funds being transferred to unknown cryptocurrency wallets.
In particular, investigators reported that they had identified two specific instances of transactions interacting with this malicious extension. The transactions were originally processed through legitimate platforms such as Jupiter and Raydium. However, additional malicious instructions were added to the transactions, and users signed them without their knowledge, resulting in unauthorized transfers of tokens.
The first transaction, identified with the code 5UMucMksJweA1AtgyxrK8DJeBXr3DQGEGRs5Kkq2pZjr, and the second transaction, identified with the code 5krgaq2FTZA…, both involved unauthorized fund transfers to wallets controlled by the exploiter. The ability of this extension to bypass standard security checks and execute malicious transactions has raised significant concerns within the crypto community.
Raydium and other Solana dApp developers have urged users to immediately remove the “Bull Checker” extension. Experts stress that the breach was caused by a malicious extension, not a vulnerability within the Solana dApp or wallet. Security firms such as Blowfish are working on new features to protect users from such threats in the future.
The Solana cryptocurrency community currently recommends reviewing and removing any suspicious browser extensions to protect your assets.
Also Read: SEC Expresses Concerns About Solana Spot ETF, Halts Approval Process: Bad News