- Scam Sniffer has identified two significant Solana wallet drainers responsible for a $4.17 million heist.
- The security firm said phishing attacks on Solana often involves direct transfers, exploiting weaknesses.
- Scam Sniffer has also identified a phishing campaign on privacy-focused search engine DuckDuckGo.
Blockchain forensics firm, Scam Sniffer, has identified two major “sophisticated Solana wallet drainers.”
Over the past month, these malicious actors have stolen $4.17 million from 3,947 users.
According to Scam Sniffer, Solana phishing often involves direct transfers, exploiting weaknesses in transaction simulations.
See Also: Ukraine Police Arrested 29-Year-Old Cryptojacker
Solana Wallet Gets Drained
Rainbow Drainer, discovered by Scam Sniffer on December 16, 2023, during an airdrop phishing incident, has stolen $2.14 million from 2,189 users.
The phishing scheme involved a fake NFT<NFT airdrop where victims unwittingly signed a malicious contract, resulting in the theft of their assets.
The bad actor pilfered $464,817 in BONK, $173,382in ZERO, $165,932 in USDT, and $93,266 in USDC.
Moreover, a second drainer, the Node Drainer, began its operations through a Christmas phishing campaign. The malicious entity stole over $2 million from 1,762 users within two weeks.
“One address associated with Node Drainer converted stolen USDC to ETH via AllBridge, making over $1 million in profit,” Scam Sniffer said.
A link associated with Node Drainer was also found in a hack conducted by Mandiant. On December 25, 2023, alone, Node Drainer stole $638,644 in ANALOS tokens, $325,432 in BONK, and $93,987 in SILLY.
Usually, drainers use airdrops on phishing sites to lure unsuspecting users, who, upon entering the site, encounter a simulated failure message, leading them to confirm a transaction without visible details.
This deceptive tactic results in users losing their assets to theft.
Last year, these wallet drainers stole nearly $300 million from about 324,000 victims.
See Also: Michael Saylor Warns Bitcoin Community Against Deep-fake Video Scam
More Crypto Phishing Scams
Meanwhile, according to Scam Sniffer, DuckDuckGo, a privacy-focused web browser, is being used to perpetuate a phishing scam.
The security firm said an unnamed individual lost $12,000 to a deceptive 1inch scam advertisement on the platform.
We've also received reports of a victim losing $12,000 by clicking on a fake @1inch scam ad on DuckDuckGo. https://t.co/9S0YD31Ork
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) January 13, 2024
