Web3 security company Blowfish recently detected a pair of sophisticated transaction drainers on the Solana (SOL) network, dubbed aqua and vanish, that are capable of executing elusive bit-flip attacks.
There’s a completely new breed of scams on the loose, and they're not like anything we've seen before!
Imagine: a transaction that appears safe when you sign it, but the moment it's submitted on chain, it suddenly drains your assets.
Sounds like a nightmare, doesn't it?
— Blowfish (@blowfishxyz) February 9, 2024
According to Blowfish’s analysis, these two drainers can alter a condition in on-chain data after the user has signed the transaction with their private key.
These dangerous scripts lurking under the transactional radar are being peddled on the dark web, offering scammers a scam-as-a-service toolkit.
The Blowfish examination highlights the drainers’ adept use of the on-chain authority provided to decentralized apps (DApps), enabling them to switch from transaction facilitators to malicious account-draining entities.
According to the security firm, the troubling aspect of these attacks is their stealth; victims initially see valid transactions, which are then intercepted and manipulated by the attackers to extract cryptocurrency from the user’s account.
Such bit-flip attacks threaten transaction integrity by flipping bits in the encrypted data, altering the decrypted message without accessing the encryption key.
The discovery has cast a spotlight on the evolving cyber threat landscape within Solana’s network.
This increasing threat is underscored by a Chainalysis report that discloses a large community associated with a Solana wallet drainer kit, teeming with over 6,000 participants as of January.
These drainers symbolize the ease with which cybercriminal tools can now be acquired and employed, particularly as Solana gains traction as a prime target due to its rising fame.
In response to this growing menace, Blowfish stated it had implemented automatic defenses to neutralize these new drainers while continuing to monitor on-chain activity vigilantly.
/2 These drainers are highly sophisticated and can deceive the simulations used by Solana wallets, leading users to unknowingly sign malicious transactions. https://t.co/I2kPQl7U3Z
— Blockaid (@blockaid_) January 2, 2024
However, crafting foolproof security remains challenging despite these efforts, as attackers incessantly evolve and refine their avoidance tactics.
The firm’s investigation also unearthed international elements at play, with suspected Russian developers notably involved in crafting and circulating such drainer tools — often accompanied by Russian documentation.
Finally, community solidarity has become crucial in the fight against these threats, with blockchain advocates rallying together to develop and employ protective measures like Wallet Guard, enhancing user defenses against such predatory phishing-oriented attacks.
🚨 SOLANA WALLET DRAINER
We have detected a new Solana wallet drainer kit being actively distributed. This is targeted at popular meme coins such as Bonk, Jupiter, Chonky, Galactic Geckos & dogwifhat.
Our browser extension is now proactively blocking these websites.
— Wallet Guard (@wallet_guard) December 29, 2023
Zug, Switzerland-based Blowfish works with some 30 customers, including WalletConnect, to help prevent over 500,000 wallet-draining attacks.