Scammers Employ Bit-flip Attack to Drain Crypto Wallets

Reading Time: 2 minutes
  • Scammers have employed a new tactic to drain crypto wallets on the Solana blockchain
  • Known as bit-flip attack, it involves editing Dapp instructions even after transaction signing
  • Researchers have traced the attack to wallet drainers using scam-as-a-service tools

Researchers have unearthed a new method used by scammers to drain wallets, especially those on the Solana blockchain. Known as a bit-flip attack, the malicious actors are manipulating the instructions in a transaction after signing, making it possible for them to fly under the radar. According to the researchers, the tactic enables scammers to hold on to a transaction’s signature after a wallet holder signs a transaction, making it easy to empty a victim’s wallet. 

Vanish and Aqua Caught in Action

Blockchain security firm Blowfish revealed that the tactic is being employed by wallet drainers with links to scam-as-a-service providers.

Two of these drainers, Vanish and Aqua, have been caught in action changing a Dapp’s instructions, even after a wallet user has already signed a transaction.

According to the web3 security firm, malicious actors can, for example, initiate a transaction with instructions to send SOL to a wallet but later change the instructions from “send to siphon funds” once a user signs the initial transaction.

The new attack vector comes as wallet drainers become a preferred go-to method of stealing funds instead of directly hacking a crypto wallet.

Three weeks ago, for example, malicious actors hacked Rocket Pool’s X (formerly Twitter) account and directed followers to a wallet drainer. Malicious actors have also masked wallet drainers in Google Ads, a tactic that has netted them over $60 million.

Inferno Drainer Shuts Down

In November last year, scam-as-a-service platform Inferno Drainer announced that it’s completely shutting down after helping scammers steal over $70 million. Inferno Drainer has in the past been accused of also targeting users in the NFT space.

With the bit-flip method enabling scammers to manipulate the instructions in a transaction after signing, it’s likely they’ll net more victims and funds.