- Scammers have employed a new tactic to drain crypto wallets on the Solana blockchain
- Known as a bit-flip attack, it involves editing Dapp instructions even after the transaction is signed
- Researchers have traced the attack to wallet drainers using scam-as-a-service tools
Researchers have unearthed a new method used by scammers to drain wallets, especially those on the Solana blockchain. In what is known as a bit-flip attack, malicious actors manipulate the instructions in a transaction after it has been signed, making it possible for them to fly under the radar. According to the researchers, the tactic enables scammers to hold on to a transaction’s signature after a wallet holder signs a transaction, making it easy to empty a victim’s wallet.
Vanish and Aqua Caught in Action
Blockchain security firm Blowfish revealed that the tactic is being employed by wallet drainers with links to scam-as-a-service providers.
There’s a completely new breed of scams on the loose, and they’re not like anything we’ve seen before!
Imagine: a transaction that appears safe when you sign it, but the moment it’s submitted on chain, it suddenly drains your assets.
Sounds like a nightmare, doesn’t it?
— Blowfish (@blowfishxyz) February 9, 2024
Two of these drainers, Vanish and Aqua, have been caught in action changing a Dapp’s instructions, even after a wallet user has already signed a transaction.
According to the web3 security firm, malicious actors can, for example, initiate a transaction with instructions to send SOL to a wallet but later change the instructions from “send” to “siphon funds” once a user signs the initial transaction.
The new attack vector comes as wallet drainers become a preferred method of stealing funds, in place of directly hacking a crypto wallet.
Three weeks ago, for example, malicious actors hacked Rocket Pool’s X (formerly Twitter) account and directed followers to a wallet drainer. Malicious actors have also masked wallet drainers in Google Ads, a tactic that has netted them over $60 million.
Inferno Drainer Shuts Down
In November last year, scam-as-a-service platform Inferno Drainer announced that it was shutting down completely after helping scammers steal over $70 million. Inferno Drainer has also been accused in the past of targeting users in the NFT space.
With the bit-flip method enabling scammers to manipulate the instructions in a transaction after signing, it’s likely they’ll net more victims and funds.