Web3 Security Firm Blowfish Reveals 2 New SOL Drainers Offering 'Scam-As-A-Service'

Web3 Security Firm Blowfish Reveals 2 New SOL Drainers Offering 'Scam-As-A-Service'
Cover Image Source: Pexels | Photo by Tima Miroshnichenko

Web3 security company Blowfish has uncovered two new sophisticated Solana (SOL) transaction drainers selling ‘drainer kits’ as a service to execute ‘bit-flip’ attacks. The firm shared its analysis on X (formerly Twitter) in which it identified the drainers ‘Aqua’ and ‘Vanish’, whose drainers' scripts are available for a fee in marketplaces offering scam-as-a-service tools. These ‘drain kits’ can alter data and post-transaction signatures using the user’s private key to completely drain the victim’s wallets leaving nothing behind.


Also Read: Woman Refrains from Tipping Over 'Sweetheart' Gesture; Sparks Online Debate

In a bit-flip attack, the scammer intercepts a transaction and alters a crucial condition within the on-chain data. Finally, when the transaction is executed, it is ‘flipped’ and instead of the intended action, the altered transaction drains the victim’s SOL tokens.



Also Read: Chinese Business Owner Wins $96 Million Lottery Jackpot, Largest In Country’s History

In its post, Blowfish explained how the two drainers execute a bit-flip attack. In the scam, a victim is solicited to sign a transaction that appears to be benign. After this, when the drainer receives the signature, the first step to the scam is done.

In the second step, the scammers flip the dApp’s condition in a separate transaction, and it goes from appearing to send SOL to taking it instead.

Also Read: Houston's 20-Year-Old Entrepreneur Gets Support After Target Plans To Pull Her Popular Sauce Off Shelves

Thus, in the final step, the drainer submits the original transaction, which interacts with the now-altered program code, and the victim’s wallet is mysteriously depleted.

Malicious Scripts and Smart Contracts: In this, malicious scripts are embedded in applications or websites, which activate when a user interacts with them, starting unauthorized asset transfers.

Phishing and Social Engineering: In this, victims are lured into clicking on malicious links or sharing sensitive wallet information granting access to their wallets to the scammers.

Exploiting Wallet Vulnerabilities: In this, scammers exploit weaknesses in wallet software or user security practices to gain unauthorized access.


Recently, several crypto security firms have sounded the alarm saying malicious drainer applications are on the rise.


A report from blockchain security firm Chainalysis highlighted that one of the largest online communities devoted to a popular Solana wallet drainer kit has over 6,200 members.

In a Cointelegraph report, Chainalysis senior intelligence analyst Brian Carter stated that the most successful draining kits are flexible and target various assets using different methods. He also highlighted Russia's links to the community of developers offering drainer kits for sale, and stated that most of the drainer kits used in crimes today are not specific or limited to Solana.”

Further, Web3 security firm CertiK confirmed that about $77 million was lost to crypto scams in 2024 alone.

To mitigate the threat, crypto traders can use tools like Wallet Guard, which has implemented protections for Solana drainers.


Further, traders are advised to be wary of unexpected requests for their wallet's credentials or for signing transactions. They should also look out for changes in wallet settings or unfamiliar addresses popping up.

Another sign of a drainer scam is suspicious wallet performance in which the operation becomes slow or erratic. This may indicate the presence of malicious scripts or programs targeting the funds.

Crypto traders are also advised to keep a regular tab on their transaction history to detect anomalies or unauthorized transfers early on.

Traders should audit wallet connections to check the list of applications and websites their wallet is connected.

When in doubt, crypto trades should seek advice from cybersecurity experts or the wallet service provider to get the best guidance.


Apple Scammed With Fake iPhones in the Name of Repair

Why TikTok Went the YouTube Way and Embraced the Long Videos Trend

Share this article:  Web3 Security Firm Blowfish Reveals Two New SOL Drainers Offering 'Scam-As-A-Service'