- Bull Checker Chrome extension allegedly stolen from DeFi users.
- The extension would transfer tokens to other wallets without the owner’s consent.
Exchange aggregator Jupiter (JUP) has left the crypto community on edge after revealing the presence of a malicious browser extension that targeted Solana (SOL) DeFi users.
According to the report, published on X (formerly Twitter), the Bull Checker Chrome extension targeted various users of Solana DeFi-related subreddits.
The extension allowed users to access dApps. However, once the transaction was completed, the tokens were transferred to another wallet without the user’s knowledge.
Jupiter revealed,
“Users with this extension would interact with the dApps normally, see the simulation render normally, but would have the possibility of having their tokens maliciously transferred to another wallet once the transaction is complete.”
Next steps
After the report, Jupiter warned users not to use these extensions. It seems that a Reddit account, Solana_OG, is behind this extension, as it convinced users to download the Bull Checker extension.
Bull Checker added malicious instructions to legitimize Jupiter and Raydium’s instructions, allowing these transactions to be made to another wallet.
Therefore, users should remove all other extensions with untrusted extended permissions for security reasons.
Impact on SOL?
The scandal comes amid increased outflows within the Solana network. According to Coinshare, Solana has seen an increase in outflows over the past seven days.
The altcoin saw an outflow of $39 million over the past week, primarily as memecoins in the ecosystem saw a decline in trading volume.
Source: Coinshare
Read Solana (SOL) Price Prediction 2024-25
Similarly, the Solana network has seen a significant drop in inflows and an increase in outflows. According to DefiLlama, Solana’s net flow has decreased to -0.22 million at press time.
A negative net flow shows a decrease in demand for Sol ETPs and its memecoins.
Source: DefiLlama
