Solana Faces Security Threat as Blowfish Detects Drainer Risk

Web3 security firm Blowfish has recently discovered two new types of Solana drainers, ‘Aqua’ and ‘Vanish.’ These harmful programs can be exploited to steal users’ cryptocurrency by modifying the transaction conditions even after the users’ private keys have approved the transaction. This revelation signifies the increasing complexity of cyber threats in the blockchain environment and the necessity of improved security mechanisms.

Surge In Solana Drainers

The discovery of Aqua and Vanish has sounded the alarm within the Solana network, as these drainers work by utilizing the authority granted to decentralized applications (dApps) to submit transactions on behalf of users. 

Through the change of a conditional in the transaction data, these drainers are capable of switching from sending to draining SOL from the account of the victimized user. This bit-flip attack method, which involves modifying the value of bits within encrypted data to affect the outcome of transactions, has become a deadly weapon in the hands of hackers focusing on the Solana network.

The Spread of Scam-as-a-Service

Blowfish’s investigation shows that Aqua and Vanish scripts are being sold in SaaS (scam-as-a-service) tool marketplaces, which makes it possible for the threat actor to run these stealers without deep technical expertise. 

The commercialization of cybercrime tools has led to a rise in the number of attacks aimed at cryptocurrency users, with Solana becoming the primary target alongside its growing popularity. According to Chainalysis, a considerable community is formed for a Sellana wallet drainer kit consisting of over 6,000 people, illustrating the ubiquitous nature of the threat.

Drainer Dangers Prevention Efforts

In reply to the detection of Aqua and Vanish, Blowfish has deployed defenses designed to thwart these two drainers automatically and is closely tracking on-chain activity for suspicious activities. Nevertheless, the difficulty remains considerable since threat actors always develop new techniques and ways to avoid security measures. 

The participation of Russian developers in the creation and distribution of these drainers, which usually have Russian documentation attached, gives an international angle to the cybersecurity problems of the Solana community.

Additionally, the wider blockchain security community is gathering to confront this emerging danger. In this respect, Wallet Guard is designed for users who wish to defend themselves against such attacks since the latter usually starts with phishing attempts. By leveraging social engineering techniques, the attackers attract victims to fake DeFi platforms that look like legitimate ones and prompt them to approve malicious transactions.

Read Also: Bitcoin (BTC) Addresses in Profit Tops 90% as Price Eyes $50K