New Solana Drainers: Scam-as-a-Service
Blowfish, a web3 security firm, has recently identified two new drainers on the Solana blockchain called ‘Aqua’ and ‘Vanish.’ These drainers can perform bit-flip attacks, according to an analysis shared on X (formerly Twitter). The analysis reveals that these drainers have been modifying a conditional within on-chain data, even after a user’s private key has been used to sign a transaction.
Blowfish has found that the script used by the drainers is available for purchase on marketplaces that offer scam-as-a-service tools. The team has further explained how these drainers execute their method to flip data and steal funds. According to the analysis, on Solana, a decentralized app (dApp) can be granted authority to submit a transaction. If the dApp includes a conditional statement that allows it to send the user’s SOL or drain their account, a drainer can manipulate that conditional at any time.
These drainers operate stealthily, initially going unnoticed by users. The victim signs what appears to be a valid transaction, unaware of the impending attack. The drainer temporarily holds onto the transaction after receiving the signature. Subsequently, through a separate transaction, the drainer flips the conditional statement of the dApp, so that the transaction, which at signing time seemed like it would send SOL to the user, instead takes the user’s SOL for the drainer.
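The sign-then-flip sequence described above, modelled as an added example (not Blowfish's code and not taken from either drainer): a toy Python simulation in which the signature covers the instruction but not the mutable flag it reads, compared with a transaction that carries a balance assertion. `DappState`, `SignedTx`, `min_balance_after` and the guard itself are hypothetical names and an assumed mitigation, not a Solana API.

```python
from dataclasses import dataclass
from typing import Optional

LAMPORTS_PER_SOL = 1_000_000_000


@dataclass
class DappState:
    """Constructed stand-in for on-chain data the dApp's authority can rewrite."""
    pay_user: bool


@dataclass(frozen=True)
class SignedTx:
    """What the signature covers: the amount and an optional guard, not DappState."""
    amount: int
    min_balance_after: Optional[int] = None  # hypothetical post-execution assertion


class GuardFailed(Exception):
    pass


def execute(tx: SignedTx, state: DappState, balance: int) -> int:
    """Return the user's balance after execution; raise if the guard is violated."""
    after = balance + (tx.amount if state.pay_user else -tx.amount)
    if tx.min_balance_after is not None and after < tx.min_balance_after:
        raise GuardFailed(f"balance {after} below signed minimum {tx.min_balance_after}")
    return after


def run_scenario(guarded: bool) -> tuple:
    """Return (balance previewed at signing, balance after delayed submission)."""
    state = DappState(pay_user=True)
    balance, amount = 5 * LAMPORTS_PER_SOL, 1 * LAMPORTS_PER_SOL
    preview = execute(SignedTx(amount), state, balance)  # wallet simulation at signing
    tx = SignedTx(amount, min_balance_after=preview if guarded else None)
    state.pay_user = False  # a separate transaction changes the state while tx is held
    try:
        return preview, execute(tx, state, balance)
    except GuardFailed:
        return preview, balance  # the whole transaction fails, so funds stay put


if __name__ == "__main__":
    for guarded in (False, True):
        print("guarded" if guarded else "unguarded", run_scenario(guarded))
```

The unguarded run shows why a signing-time preview alone is not sufficient: the outcome depends on state read at execution, which the signature does not pin.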
A bit-flip attack is a method of exploitation where an attacker alters the value of certain bits in encrypted data, enabling them to manipulate a system. It allows the attacker to change the encrypted message without knowledge of the encryption key. By flipping specific bits, the attacker can sometimes predictably modify a message once it has been decrypted.
The Solana ecosystem has experienced a growing number of crypto drainers. According to Chainalysis, an online community dedicated to Solana, one of the largest wallet drainer kits had over 6,000 members as of January. Brian Carter, a senior intelligence analyst at Chainalysis, stated in a previous interview that successful draining kits can target multiple assets in various ways.
The Blowfish team has taken measures to defend against these newly discovered drainers. They have implemented automated blocks to prevent their attacks and are actively monitoring on-chain activity.
3 thoughts on “New Solana Drainers: Scam-as-a-Service”
The growing number of crypto drainers on Solana is indeed worrying. It’s crucial for users to stay educated about potential threats and stay updated on security measures. Thank you, Blowfish, for sharing this valuable information and helping us protect our assets.
Thank you, Blowfish, for shedding light on the concept of bit-flip attacks! It’s incredible to learn how attackers can manipulate encrypted data without knowledge of the encryption key. This highlights the importance of robust encryption and security protocols in blockchain systems.
The fact that these drainers go unnoticed by users and trick them into signing what seems like a valid transaction is just despicable! Solana needs better protection for its users.