A recent cyber attack aimed at a user of the Solana blockchain has resulted in significant financial losses. According to Scam Sniffer, a platform dedicated to combating scams in the Web3 space, the victim lost approximately $40,000 in $BONK and $SOL tokens due to the incident, which occurred on October 24th. Scam Sniffer took to social media to discuss the impact of this phishing attack.
In a recent blog post, Scam Sniffer highlighted that this phishing attack on Solana exposes vulnerabilities in the process of signing blockchain transfers. The victim fell victim to the attack while attempting to sign what appeared to be a normal signature request. However, this seemingly harmless action actually granted control to the attacker, who proceeded to drain the victim’s wallet. Consequently, the victim’s $SOL holdings and token accounts were compromised.
In the Solana ecosystem, unauthorized individuals can gain control over a user’s assets if the user signs a transaction or grants access. This underscores the importance of users understanding the risks associated with signature requests. While Solana’s fast block speed enhances network efficiency, it also introduces certain risks. Scam Sniffer emphasized that the speed difference between the on-chain state and the wallet simulation state creates a gap that can be exploited by attackers.
This particular attack vector is not new, as similar cases have been reported in the past. These scams capitalize on the disparities between the simulation and on-chain states. Scam Sniffer advises Solana users to exercise caution when it comes to signing requests from unfamiliar or suspicious sources. It is crucial to double-check transactions before authorizing any unusual access requests. Additionally, Solana urges users to carefully scrutinize applications and websites that request access, as phishing scams often originate from compromised or counterfeit sites.
