English
Arabic
Chinese (Simplified)
Indonesian
Russian
Phishing scammers have siphoned off over $4 million from Solana wallets in December 2023, in line with estimates posted on X by Rip-off Sniffer, a scams tracker. The assaults affected round 4,000 customers, in line with the Rip-off Sniffer.
The stolen property embody these robbed by the rainbow attacker via an airdrop phishing assault. The scammers employed “anti-simluation strategies” that prevented wallets from reflecting modified balances.
When unsuspecting victims tried to say the airdrop fishing non-fungible tokens (NFTs), they signed malicious transactions permitting the attackers to empty their wallets. The airdrop phishing scammers stole $2.14 million from over 2,189 victims, in line with Rip-off Sniffer.
One other notable scammer was the Solana node drainer, who victimized over 1,700 customers and stole greater than $2 million in lower than two weeks. The node drainer used a Christmas phishing marketing campaign to lure victims.
In accordance with Rip-off Sniffer, the Solana node drainer bagged over $1 million in revenue by changing stolen USDC to Ethereum (ETH) utilizing AllBridge.
Not like Ethereum, the place most thefts occur attributable to approval points, on Solana, the primary phishing trick entails tricking individuals into making direct transfers. Solana does assist transaction simulation, however some sneaky strategies reap the benefits of anti-simulation measures and faux simulation outcomes. That is completed to confuse customers and make them extra prone to fall for malicious signature schemes.
What’s extra regarding, nonetheless, is that the Solana blockchain doesn’t have a NFT blacklist system that stops malicious actors from displaying them. Because of this the attackers can proceed with their phishing campaigns with no need to deploy new pretend NFTs to lure victims.
Curiously, these phishing assaults came about in the identical month that Shakeeb Ahmed pleaded responsible to stealing $12 million by exploiting Solana decentralized finance (DeFi) functions in 2022. Ahmed’s responsible plea led to the primary sensible contract fraud conviction final month. Ahmed is scheduled to be sentenced in March 2024.