About Us Contact Us Privacy Policy Terms of Use DMCA Opt-out of personalized ads
© Copyright 2023 Market Realist. Market Realist is a registered trademark. All Rights Reserved. People may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.

Web3 Security Firm Blowfish Reveals 2 New SOL Drainers Offering 'Scam-As-A-Service'

These two drainers provide ‘drainer kits’ that alter transaction data to drain the victim’s wallets
Cover Image Source: Pexels | Photo by Tima Miroshnichenko
Cover Image Source: Pexels | Photo by Tima Miroshnichenko

Web3 security company Blowfish has uncovered two new sophisticated Solana (SOL) transaction drainers selling ‘drainer kits’ as a service to execute ‘bit-flip’ attacks. The firm shared its analysis on X (formerly Twitter) in which it identified the drainers ‘Aqua’ and ‘Vanish’, whose drainers' scripts are available for a fee in marketplaces offering scam-as-a-service tools. These ‘drain kits’ can alter data and post-transaction signatures using the user’s private key to completely drain the victim’s wallets leaving nothing behind.


In a bit-flip attack, the scammer intercepts a transaction and alters a crucial condition within the on-chain data. Finally, when the transaction is executed, it is ‘flipped’ and instead of the intended action, the altered transaction drains the victim’s SOL tokens.


In its post, Blowfish explained how the two drainers execute a bit-flip attack. In the scam, a victim is solicited to sign a transaction that appears to be benign. After this, when the drainer receives the signature, the first step to the scam is done.

In the second step, the scammers flip the dApp’s condition in a separate transaction, and it goes from appearing to send SOL to taking it instead.

Thus, in the final step, the drainer submits the original transaction, which interacts with the now-altered program code, and the victim’s wallet is mysteriously depleted.

Malicious Scripts and Smart Contracts: In this, malicious scripts are embedded in applications or websites, which activate when a user interacts with them, starting unauthorized asset transfers.

Phishing and Social Engineering: In this, victims are lured into clicking on malicious links or sharing sensitive wallet information granting access to their wallets to the scammers.

Exploiting Wallet Vulnerabilities: In this, scammers exploit weaknesses in wallet software or user security practices to gain unauthorized access.


Recently, several crypto security firms have sounded the alarm saying malicious drainer applications are on the rise.


A report from blockchain security firm Chainalysis highlighted that one of the largest online communities devoted to a popular Solana wallet drainer kit has over 6,200 members.

In a Cointelegraph report, Chainalysis senior intelligence analyst Brian Carter stated that the most successful draining kits are flexible and target various assets using different methods. He also highlighted Russia's links to the community of developers offering drainer kits for sale, and stated that most of the drainer kits used in crimes today are not specific or limited to Solana.”

Further, Web3 security firm CertiK confirmed that about $77 million was lost to crypto scams in 2024 alone.

To mitigate the threat, crypto traders can use tools like Wallet Guard, which has implemented protections for Solana drainers.


Further, traders are advised to be wary of unexpected requests for their wallet's credentials or for signing transactions. They should also look out for changes in wallet settings or unfamiliar addresses popping up.

Another sign of a drainer scam is suspicious wallet performance in which the operation becomes slow or erratic. This may indicate the presence of malicious scripts or programs targeting the funds.

Crypto traders are also advised to keep a regular tab on their transaction history to detect anomalies or unauthorized transfers early on.

Traders should audit wallet connections to check the list of applications and websites their wallet is connected.

When in doubt, crypto trades should seek advice from cybersecurity experts or the wallet service provider to get the best guidance.