Reading Time: 2 minutes
- Scammers have employed a new tactic to drain crypto wallets on the Solana blockchain
- Known as bit-flip attack, it involves editing Dapp instructions even after transaction signing
- Researchers have traced the attack to wallet drainers using scam-as-a-service tools
Researchers have unearthed a new method used by scammers to drain wallets, especially those on the Solana blockchain. Known as a bit-flip attack, the malicious actors are manipulating the instructions in a transaction after signing, making it possible for them to fly under the radar. According to the researchers, the tactic enables scammers to hold on to a transaction’s signature after a wallet holder signs a transaction, making it easy to empty a victim’s wallet.
Vanish and Aqua Caught in Action
Blockchain security firm Blowfish revealed that the tactic is being employed by wallet drainers with links to scam-as-a-service providers.
There’s a completely new breed of scams on the loose, and they’re not like anything we’ve seen before!
Imagine: a transaction that appears safe when you sign it, but the moment it’s submitted on chain, it suddenly drains your assets.
Sounds like a nightmare, doesn’t it? pic.twitter.com/VkD4Cbhnh0
— Blowfish (@blowfishxyz) February 9, 2024
Two of these drainers, Vanish and Aqua, have been caught in action changing a Dapp’s instructions, even after a wallet user has already signed a transaction.
According to the web3 security firm, malicious actors can, for example, initiate a transaction with instructions to send SOL to a wallet but later change the instructions from “send to siphon funds” once a user signs the initial transaction.
The new attack vector comes as wallet drainers become a preferred go-to method of stealing funds instead of directly hacking a crypto wallet.
Three weeks ago, for example, malicious actors hacked Rocket Pool’s X (formerly Twitter) account and directed followers to a wallet drainer. Malicious actors have also masked wallet drainers in Google Ads, a tactic that has netted them over $60 million.
Inferno Drainer Shuts Down
In November last year, scam-as-a-service platform Inferno Drainer announced that it’s completely shutting down after helping scammers steal over $70 million. Inferno Drainer has in the past been accused of also targeting users in the NFT space.
With the bit-flip method enabling scammers to manipulate the instructions in a transaction after signing, it’s likely they’ll net more victims and funds.
Note: This article have been indexed to our site. We do not claim legitimacy, ownership or copyright of any of the content above. To see the article at original source Click Here
Premier Protein, Protein Shake, 8 Flavor Variety Pack, 30g Protein, 1g Sugar, 24 Vitamins & Minerals, Nutrients to Support Immune Health 11.5 Fl Oz (8 Pack)
$25.98 (as of June 24, 2024 21:06 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Dell OptiPlex 5040 SFF Desktop Computer PC Bundle Setup with New 23.8" FHD Monitor Inter Core i5-6600 3.3GHz 4-Cores 8GB 256GB SSD, Keyboard & Mouse, Wi-Fi, Bluetooth, Windows 10 Pro (Renewed)
$184.99 (as of June 25, 2024 21:05 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Bicycle Rider Back Playing Cards, Standard Index, Poker Cards, Premium Playing Cards, Red & Blue, 2 Count (Pack of 1)
$4.89 (as of June 25, 2024 21:04 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Apple AirTag
$26.56 (as of June 25, 2024 21:05 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
