SCAM-AS-A-SERVICE: NEW SOLANA DRAINERS IDENTIFIED
The drainers, available on scam-as-a-service marketplaces, can flip a conditional within an on-chain transaction.
Web3 security firm Blowfish has detected two new Solana drainers that can perform bit-flip attacks, according to a Feb. 9 analysis shared on social media platform X.
The drainers, Aqua and Vanish, were flagged modifying a conditional within on-chain data, even after a user’s private key was used to sign a transaction. According to Blowfish, the drainers’ script is available for a fee in marketplaces offering scam-as-a-service tools.
The Blowfish team broke down the method used by the drainers to flip data and steal funds: “On Solana, a dApp can be given authority to submit a transaction. If the dApp’s on-chain program includes a conditional that allows it to send the user SOL or drain their account, a drainer could flip that conditional at any time,” reads the analysis.
The drainers go unnoticed by users at first. The victim signs what appears to be a valid transaction. However, after receiving the signature, the drainer temporarily holds on to the transaction. “Then, via a separate transaction, they flip the dApp’s conditional; it goes from appearing to send SOL to taking it instead.”
A bit-flip attack is a form of exploitation where the attacker changes the value of some bits in the encrypted data to manipulate a system. It allows the attacker to modify the encrypted message without knowing the encryption key. By flipping specific bits, an attacker can sometimes change a message in a predictable way once it’s decrypted.
A rising number of crypto drainers have targeted the Solana ecosystem. According to Chainalysis, one of the largest online communities devoted to a single Solana wallet drainer kit had over 6,000 members as of January. Brian Carter, Chainalysis senior intelligence analyst, told Cointelegraph in a previous interview that the most successful draining kits can target many assets in various ways.