Phishing scammers have siphoned off over $4 million from Solana wallets in December 2023, in line with estimates posted on X by Rip-off Sniffer, a scams tracker. The assaults affected round 4,000 customers, in line with the Rip-off Sniffer.
The stolen belongings embrace these robbed by the rainbow attacker by way of an airdrop phishing assault. The scammers employed “anti-simluation strategies” that prevented wallets from reflecting modified balances.
When unsuspecting victims tried to assert the airdrop fishing non-fungible tokens (NFTs), they signed malicious transactions permitting the attackers to empty their wallets. The airdrop phishing scammers stole $2.14 million from over 2,189 victims, in line with Rip-off Sniffer.
One other notable scammer was the Solana node drainer, who victimized over 1,700 customers and stole greater than $2 million in lower than two weeks. The node drainer used a Christmas phishing marketing campaign to lure victims.
In accordance to Rip-off Sniffer, the Solana node drainer bagged over $1 million in revenue by changing stolen USDC to Ethereum (ETH) utilizing AllBridge.
Not like Ethereum, the place most thefts occur attributable to approval points, on Solana, the principle phishing trick entails tricking individuals into making direct transfers. Solana does help transaction simulation, however some sneaky strategies make the most of anti-simulation measures and pretend simulation outcomes. That is carried out to confuse customers and make them extra more likely to fall for malicious signature schemes.
What’s extra regarding, nevertheless, is that the Solana blockchain doesn’t have a NFT blacklist system that forestalls malicious actors from displaying them. Which means the attackers can proceed with their phishing campaigns without having to deploy new faux NFTs to lure victims.
Apparently, these phishing assaults came about in the identical month that Shakeeb Ahmed pleaded responsible to stealing $12 million by exploiting Solana decentralized finance (DeFi) purposes in 2022. Ahmed’s responsible plea led to the primary sensible contract fraud conviction final month. Ahmed is scheduled to be sentenced in March 2024.
