New Scam Drainers Identified in Solana

Blowfish exposes two new Solana scam drainers, Aqua and Vanish, exploiting bit-flip attacks in the scam-as-a-service market.

See more

There’s a completely new breed of scams on the loose, and they're not like anything we've seen before!

Imagine: a transaction that appears safe when you sign it, but the moment it's submitted on chain, it suddenly drains your assets.

Sounds like a nightmare, doesn't it? pic.twitter.com/VkD4Cbhnh0

— Blowfish (@blowfishxyz) February 9, 2024

In a recent analysis on February 9, shared through the social media platform X, the Web3 security entity, Blowfish, unveiled the emergence of two sophisticated Solana scam drainers. These malicious entities, named Aqua and Vanish, exhibit a novel threat in the digital currency landscape, leveraging a tactic known as a bit-flip attack. Moreover, this technique manipulates a transaction’s conditional statement even after the transaction receives authentication through a user’s private key.

The marketplace for scam-as-a-service tools, where these drainers are obtainable for a fee, presents a burgeoning risk to digital asset security. Additionally, Blowfish’s investigation highlights how these drainers intricately alter on-chain data to illicitly siphon funds from unsuspecting users.

Aqua and Vanish operate by exploiting a vulnerability within the Solana blockchain’s transaction protocol. When a decentralized application (dApp) on Solana submits a transaction, it can, under certain conditions, either transfer Solana (SOL) tokens to a user or drain their account. The drainers take advantage of this by modifying the conditional post-signature, flipping it to divert SOL tokens to themselves instead of executing the intended transaction.

Cyber Manipulation

This bit-flip attack method, a sophisticated form of cyber manipulation, alters encrypted data’s bit values to change the outcome of a transaction. Attackers execute this without needing to crack the encryption key, demonstrating a significant security challenge.

Blowfish’s proactive measures have introduced automated defenses to thwart these new drainers, alongside vigilant monitoring of on-chain activities to prevent future theft. Moreover, the discovery points to an escalating trend in crypto drainers targeting the Solana ecosystem, underscoring the need for enhanced security protocols and awareness among users.

Lastly, Chainalysis, a leading blockchain analysis company, has shed light on the extent of this issue. It noted a single Solana wallet drainer kit community boasting over 6,000 members by January. This revelation, according to Chainalysis senior intelligence analyst Brian Carter, underscores the sophistication and broad reach of these scam kits, capable of targeting multiple assets through diverse methods.