Web3 Security Firm Blowfish Reveals 2 New SOL Drainers Offering 'Scam-As-A-Service'

Web3 security company Blowfish has uncovered two new sophisticated Solana (SOL) transaction drainers selling ‘drainer kits’ as a service to execute ‘bit-flip’ attacks. The firm shared its analysis on X (formerly Twitter) in which it identified the drainers ‘Aqua’ and ‘Vanish’, whose drainers' scripts are available for a fee in marketplaces offering scam-as-a-service tools. These ‘drain kits’ can alter data and post-transaction signatures using the user’s private key to completely drain the victim’s wallets leaving nothing behind.

What is the bit-flip drainer scam?

In a bit-flip attack, the scammer intercepts a transaction and alters a crucial condition within the on-chain data. Finally, when the transaction is executed, it is ‘flipped’ and instead of the intended action, the altered transaction drains the victim’s SOL tokens.

Here’s how the scam unfolds

In its post, Blowfish explained how the two drainers execute a bit-flip attack. In the scam, a victim is solicited to sign a transaction that appears to be benign. After this, when the drainer receives the signature, the first step to the scam is done.

In the second step, the scammers flip the dApp’s condition in a separate transaction, and it goes from appearing to send SOL to taking it instead.

Thus, in the final step, the drainer submits the original transaction, which interacts with the now-altered program code, and the victim’s wallet is mysteriously depleted.

Other Forms of SOL Drainer Scams

Malicious Scripts and Smart Contracts: In this, malicious scripts are embedded in applications or websites, which activate when a user interacts with them, starting unauthorized asset transfers.

Phishing and Social Engineering: In this, victims are lured into clicking on malicious links or sharing sensitive wallet information granting access to their wallets to the scammers.

Exploiting Wallet Vulnerabilities: In this, scammers exploit weaknesses in wallet software or user security practices to gain unauthorized access.

Menace of SOL Drainers

Recently, several crypto security firms have sounded the alarm saying malicious drainer applications are on the rise.

A report from blockchain security firm Chainalysis highlighted that one of the largest online communities devoted to a popular Solana wallet drainer kit has over 6,200 members.

In a Cointelegraph report, Chainalysis senior intelligence analyst Brian Carter stated that the most successful draining kits are flexible and target various assets using different methods. He also highlighted Russia's links to the community of developers offering drainer kits for sale, and stated that most of the drainer kits used in crimes today are not specific or limited to Solana.”

Further, Web3 security firm CertiK confirmed that about $77 million was lost to crypto scams in 2024 alone.

How To Be Safe from SOL Drainers

To mitigate the threat, crypto traders can use tools like Wallet Guard, which has implemented protections for Solana drainers.

Further, traders are advised to be wary of unexpected requests for their wallet's credentials or for signing transactions. They should also look out for changes in wallet settings or unfamiliar addresses popping up.

Another sign of a drainer scam is suspicious wallet performance in which the operation becomes slow or erratic. This may indicate the presence of malicious scripts or programs targeting the funds.

Crypto traders are also advised to keep a regular tab on their transaction history to detect anomalies or unauthorized transfers early on.

Traders should audit wallet connections to check the list of applications and websites their wallet is connected.

When in doubt, crypto trades should seek advice from cybersecurity experts or the wallet service provider to get the best guidance.