Web3 Security Firm Blowfish Reveals 2 New SOL Drainers Offering 'Scam-As-A-Service'
Web3 security company Blowfish has uncovered two new sophisticated Solana (SOL) transaction drainers selling ‘drainer kits’ as a service to execute ‘bit-flip’ attacks. The firm shared its analysis on X (formerly Twitter) in which it identified the drainers ‘Aqua’ and ‘Vanish’, whose drainers' scripts are available for a fee in marketplaces offering scam-as-a-service tools. These ‘drain kits’ can alter data and post-transaction signatures using the user’s private key to completely drain the victim’s wallets leaving nothing behind.
There’s a completely new breed of scams on the loose, and they're not like anything we've seen before!
— Blowfish (@blowfishxyz) February 9, 2024
Imagine: a transaction that appears safe when you sign it, but the moment it's submitted on chain, it suddenly drains your assets.
Sounds like a nightmare, doesn't it? pic.twitter.com/VkD4Cbhnh0
What is the bit-flip drainer scam?
In a bit-flip attack, the scammer intercepts a transaction and alters a crucial condition within the on-chain data. Finally, when the transaction is executed, it is ‘flipped’ and instead of the intended action, the altered transaction drains the victim’s SOL tokens.
With a tip from @phantom, our team at Blowfish identified the first live examples of this in two newer Solana drainers - "Aqua" and "Vanish".
— Blowfish (@blowfishxyz) February 9, 2024
These are both examples of 'drainers as a service'; meaning they provide the drainer script to customers for a fee.
Let’s break it down:
Here’s how the scam unfolds
In its post, Blowfish explained how the two drainers execute a bit-flip attack. In the scam, a victim is solicited to sign a transaction that appears to be benign. After this, when the drainer receives the signature, the first step to the scam is done.
In the second step, the scammers flip the dApp’s condition in a separate transaction, and it goes from appearing to send SOL to taking it instead.
Thus, in the final step, the drainer submits the original transaction, which interacts with the now-altered program code, and the victim’s wallet is mysteriously depleted.
Other Forms of SOL Drainer Scams
Malicious Scripts and Smart Contracts: In this, malicious scripts are embedded in applications or websites, which activate when a user interacts with them, starting unauthorized asset transfers.
Phishing and Social Engineering: In this, victims are lured into clicking on malicious links or sharing sensitive wallet information granting access to their wallets to the scammers.
Exploiting Wallet Vulnerabilities: In this, scammers exploit weaknesses in wallet software or user security practices to gain unauthorized access.
**Warning Drainer Scam** I got drained today after connecting to a fake ME Upvote link in Atoverse (where wallet connection is needed). Not much sol as I used a burner.
— TooPoor4ETH (@rippcorddd) (@RippCorddd) July 25, 2022
BUT just a reminder not to be me… always check your links and don’t be complacent @MagicEden @AotuverseNFT pic.twitter.com/2iwqdazlBf
Menace of SOL Drainers
Recently, several crypto security firms have sounded the alarm saying malicious drainer applications are on the rise.
🚨 GM Millionaires! 🌞
— Crypto Class (@AlexiosKonstan) January 4, 2024
Recently, the #Solana ecosystem has seen a rise in wallet drainer activities, targeting $SOL and Solana-based memecoin holders. These drainers exploit users with phishing scams, luring them to fraudulent websites.
To stay safe, using protective tools like… pic.twitter.com/KQd4rwvXlF
A report from blockchain security firm Chainalysis highlighted that one of the largest online communities devoted to a popular Solana wallet drainer kit has over 6,200 members.
In a Cointelegraph report, Chainalysis senior intelligence analyst Brian Carter stated that the most successful draining kits are flexible and target various assets using different methods. He also highlighted Russia's links to the community of developers offering drainer kits for sale, and stated that most of the drainer kits used in crimes today are not specific or limited to Solana.”
Further, Web3 security firm CertiK confirmed that about $77 million was lost to crypto scams in 2024 alone.
How To Be Safe from SOL Drainers
To mitigate the threat, crypto traders can use tools like Wallet Guard, which has implemented protections for Solana drainers.
🛡️ 𝐍𝐞𝐰 𝐘𝐞𝐚𝐫, 𝐍𝐞𝐰 𝐒𝐜𝐚𝐦 🛡️
— NFT_Dreww.eth (@nft_dreww) January 2, 2024
If you are trading tokens on Solana, you NEED to install @wallet_guard extension. They just added the ability to detect SOL wallet drainer kits meaning they will proactively stop you from going to scam Solana domains and getting your Solana… pic.twitter.com/fPyArgDrQu
Further, traders are advised to be wary of unexpected requests for their wallet's credentials or for signing transactions. They should also look out for changes in wallet settings or unfamiliar addresses popping up.
Another sign of a drainer scam is suspicious wallet performance in which the operation becomes slow or erratic. This may indicate the presence of malicious scripts or programs targeting the funds.
Crypto traders are also advised to keep a regular tab on their transaction history to detect anomalies or unauthorized transfers early on.
Traders should audit wallet connections to check the list of applications and websites their wallet is connected.
When in doubt, crypto trades should seek advice from cybersecurity experts or the wallet service provider to get the best guidance.
