Scam-as-a-service: New Solana drainers identified


The drainers, available on scam-as-a-service marketplaces, can flip a conditional within an on-chain transaction.


Web3 security firm Blowfish has detected two new Solana drainers that can perform bit-flip attacks, according to a Feb. 9 analysis shared on X (formerly Twitter). 

The drainers, known as ‘Aqua’ and ‘Vanish,’ were flagged for modifying a conditional within on-chain data after a user’s private key had already been used to sign a transaction. According to Blowfish, the drainers’ script is available for a fee in marketplaces offering scam-as-a-service tools.

The Blowfish team broke down the drainers’ method to flip data and steal funds. “On Solana, a dApp can be given authority to submit a transaction. If the dApp’s onchain program includes a conditional that allows it to send the user SOL or drain their account, a drainer could flip that conditional at any time,” reads the analysis.

The drainers go unnoticed by users at first. The victim signs what appears to be a valid transaction. However, after receiving the signature, the drainer temporarily holds on to the transaction. “Then, via a separate transaction, they flip the dApp’s conditional; it goes from appearing to send SOL to taking it instead.”
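The gap described above can be modeled in a few lines. This is an added example, not code from Blowfish or from the article: it is a toy model with no Solana code, in which `ToyProgram`, `approve` and `safe_to_submit` are hypothetical names, an HMAC stands in for the wallet signature, and the re-simulation check is an assumed defense rather than the one Blowfish deployed.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class ToyProgram:
    """Toy stand-in for an on-chain program whose behaviour depends on mutable state."""
    pays_user: bool = True  # the "conditional" the analysis describes
    amount: int = 5

    def effect_on_user(self) -> int:
        # Balance change the user would see if the transaction executed right now.
        return self.amount if self.pays_user else -self.amount


def sign(key: bytes, message: bytes) -> bytes:
    # Stand-in for the wallet signature: it covers the message bytes only,
    # not the program state that the message will be evaluated against.
    return hmac.new(key, message, hashlib.sha256).digest()


def signature_valid(key: bytes, message: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, message), sig)


def approve(program: ToyProgram, key: bytes, message: bytes) -> dict:
    """Signing time: simulate, record the outcome shown to the user, then sign."""
    return {"message": message, "sig": sign(key, message),
            "approved_delta": program.effect_on_user()}


def safe_to_submit(program: ToyProgram, key: bytes, approval: dict) -> bool:
    """Assumed defender check: re-simulate at submission time and require the
    same outcome the user approved, in addition to a valid signature."""
    if not signature_valid(key, approval["message"], approval["sig"]):
        return False
    return program.effect_on_user() == approval["approved_delta"]


def demo() -> tuple:
    key = b"constructed-demo-key"  # constructed sample value
    program = ToyProgram()
    approval = approve(program, key, b"call toy_program.claim()")
    ok_before = safe_to_submit(program, key, approval)
    program.pays_user = False  # state changed by a separate transaction after signing
    sig_ok = signature_valid(key, approval["message"], approval["sig"])
    ok_after = safe_to_submit(program, key, approval)
    return approval["approved_delta"], program.effect_on_user(), sig_ok, ok_before, ok_after
```

The signature remains valid after the state change because it never covered the state; only the comparison against the approved outcome notices the difference.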

There’s a completely new breed of scams on the loose, and they’re not like anything we’ve seen before!

Imagine: a transaction that appears safe when you sign it, but the moment it’s submitted on chain, it suddenly drains your assets.

Sounds like a nightmare, doesn’t it? pic.twitter.com/VkD4Cbhnh0

— Blowfish (@blowfishxyz) February 9, 2024

A bit-flip attack is a form of exploitation where the attacker changes the value of some bits in the encrypted data to manipulate a system. It allows the attacker to modify the encrypted message without knowing the encryption key. By flipping specific bits, an attacker can sometimes change a message in a predictable way once it’s decrypted.

A rising number of crypto drainers has targeted the Solana ecosystem. According to Chainalysis, one of the largest online communities devoted to a single Solana wallet drainer kit had over 6,000 members as of January. Brian Carter, Chainalysis senior intelligence analyst, told Cointelegraph in a previous interview that the most successful draining kits can target many assets in various ways.

The Blowfish team is said to have put defenses in place to automatically block the newly found drainers, and is monitoring on-chain activity.
