In the last month alone, two wallet drainers successfully stole millions of dollars worth of cryptocurrency assets from Solana users, according to a new report based on public blockchain data.
The two drainer programs, Rainbow Drainer and Node Drainer, have stolen a total of $4.17 million worth of assets from 3,967 Solana wallets since late November, according to Scam Sniffer data on Dune, a cryptocurrency analysis platform. Most of the thefts occurred after mid-December.
Malicious actors appear to have stolen most of these funds by targeting specific Solana token communities with NFT airdrops and then attaching links to phishing websites to those NFTs. While legitimate airdrops (i.e. free token or NFT releases tied to protocols and apps) have been on the rise recently, social media scams also present real-life prizes.
For example, Rainbow Drainer users target holders of ZERO, the native token of a Solana metaprotocol, by airdropping an NFT that claims to offer a voucher for 1,000 free ZERO tokens. Curious recipients then clicked on an external link related to the NFT and signed a transaction linking their wallet to the site (presumably to receive free tokens). Within seconds, all digital assets were drained from the unsuspecting user’s wallet.
6/ 🔏 Unlike Ethereum, Solana phishing often involves direct transfers, exploiting weaknesses in transaction simulations.
— Scam Sniffer | Web3 Scam Prevention (@realScamSniffer) January 13, 2024
These attacks using the Rainbow Drainer have netted thieves $2.15 million in profits over the past few weeks, according to the analysis. Assets stolen in these attacks include tokens such as BONK, ZERO, USDT, and USDC.
Hackers used Node Drainer to place similar phishing links in Discord groups and to post them from infiltrated Twitter accounts, including that of Mandiant, a cybersecurity company and Google subsidiary. These exploits generated $202.5 million in revenue for Node Drainer distributors, primarily in the form of ANALOS and BONK.
It is unknown how many individuals were behind these attacks, but on-chain evidence suggests that at least a clear portion of the attacks originated from single individuals or small groups.
According to Scam Sniffer, a single wallet address associated with multiple wallets used Allbridge to transfer over $1 million worth of stolen assets cross-chain to Ethereum; the funds were exchanged on Ethereum for ETH and then transferred back.
While many cryptocurrency scams on Ethereum focus on tricking users into unwittingly handing over wallet access, malicious attacks on Solana often involve hackers tricking unsuspecting users into linking their wallets under false pretenses.
Editor: Andrew Hayward