Jupiter posted on X that the team received reports over the past week that a small number of users using Solana DeFi had their funds drained.
After extensive investigation, the team discovered a malicious Chrome extension called "Bull Checker" that targeted users on several Solana-related subreddits. Users with this extension will be able to interact with DApps as usual, and simulations will display normally, but their tokens may be maliciously transferred to another wallet when the transaction is completed.
If a user has this extension (or a similar extension with broad permissions that cannot be trusted), it is recommended to delete it immediately. No vulnerabilities have been found in any DApp or wallet.
In addition, Raydium has confirmed that its affected users have installed the same extension. The team also found that it was posted by an anonymous Reddit account "Solana_OG". This person seems to be targeting users who want to trade Meme coins and tricking them into downloading the extension.