Blockchain Security Firm Chainalysis Reports Solana Wallet Drainer Community
Blockchain security firm Chainalysis has identified a significant online community of over 6,000 members engaged in Solana wallet-draining activities.
The Threat of Solana Wallet Drainers
Concerns have risen within the blockchain security community about the escalating presence of malicious decentralized applications (dApps) targeting Solana users through wallet-draining schemes. Brian Carter, a senior intelligence analyst at Chainalysis, highlights the versatility of successful draining kits, capable of targeting various assets through different methods. He notes a connection between drainer kit developers and Russia, with much of the documentation in Russian.
Carter points out the existence of a particularly successful Solana drainer kit promoted across multiple channels by the same developer. Notably, these drainer kits are not limited to Solana and extend their reach to other blockchain networks.
Mitigating the Threat
To address this growing threat, Carter suggests using tools like Wallet Guard, which now includes protections specifically designed to counter Solana drainers. He emphasizes that the common attack vector is phishing through malicious links: attackers exploit users’ fear of missing out and spam DeFi communities with seemingly legitimate links that lead to fraudulent websites. Compromised social media accounts and Discord communities are often used to promote these malicious links.
Rapid Proliferation of Solana Drainer Kits
According to CertiK, cybercriminals started offering Solana drainer kits to scammers in December. These kits are typically sold in private hacker chat groups and on the dark web, with prices starting as low as $250 per month, as evidenced by screenshots shared by CertiK.
Solana drainer kits are designed to facilitate cyber theft by draining funds from digital wallets, primarily through phishing scams that trick victims into entering their wallet details on counterfeit websites.
Joe Green, an analyst at CertiK, notes that it’s currently unclear how much has been stolen across all Solana drainers, but some instances involve the provider taking a percentage of the stolen assets, similar to the modus operandi of Ethereum Virtual Machine (EVM) drainers.
Targeting the Solana Ecosystem
While phishing on the Solana network is not a new phenomenon, the resurgence in the price of SOL has drawn cybercriminals to target individuals within the ecosystem. Solana’s price has increased by over 400% in the past three months.
Web3 security firm Blockaid reported a significant incident where one particular Solana drainer managed to steal hundreds of thousands of dollars’ worth of SOL and SPL tokens. These drainers are known for their high level of sophistication, deceiving the simulations used by Solana wallets and leading users to unknowingly sign malicious transactions.