In a significant security breach, over 4,000 Solana users lost more than $4 million to phishing attacks in December 2023. The data, provided by Scam Sniffer, a scams tracker, reveals that the stolen assets were primarily taken by the rainbow attacker through an airdrop phishing attack. The attackers used “anti-simulation techniques” that prevented wallets from reflecting changed balances.

Victims were tricked into claiming airdrop fishing non-fungible tokens (NFTs), signing malicious transactions that allowed the attackers to drain their wallets. The airdrop phishing scammers stole $2.14 million from over 2,189 victims. Another scammer, known as the Solana node drainer, victimized over 1,700 users and stole more than $2 million in less than two weeks using a Christmas phishing campaign.

The Solana node drainer made over $1 million in profit by converting stolen USDC to Ethereum (ETH) using AllBridge. Unlike Ethereum, where most thefts occur due to approval issues, the main phishing trick on Solana involves tricking people into making direct transfers. Solana does support transaction simulation, but some methods exploit anti-simulation measures and fake simulation results to confuse users and make them more likely to fall for malicious signature schemes.

Adding to the concern is the fact that the Solana blockchain does not have an NFT blacklist system that prevents malicious actors from displaying them. This allows the attackers to continue their phishing campaigns without needing to deploy new fake NFTs to lure victims.

These phishing attacks occurred in the same month that Shakeeb Ahmed pleaded guilty to stealing $12 million by exploiting Solana decentralized finance (DeFi) applications in 2022. Ahmed’s guilty plea led to the first smart contract fraud conviction last month. He is scheduled to be sentenced in March 2024.

This News Article was automatically generated by Bob the Bot (AI)

Information Details
Geography Global
Sentiment very negative
Relevance Score 1
People Shakeeb Ahmed
Companies Solana, AllBridge, Scam Sniffer
Currencies Solana, Ethereum, USDC
Securities None

Leave a Reply