Over 4k Solana users lost more than $4 million to phishing attacks last month

Phishing scammers have siphoned off over $4 million from Solana wallets in December 2023, in response to estimates posted on X by Rip-off Sniffer, a scams tracker. The assaults affected round 4,000 customers, in response to the Rip-off Sniffer.

The stolen resources comprise those robbed by the rainbow attacker by method of an airdrop phishing assault. The scammers employed “anti-simluation tactics” that averted wallets from reflecting changed balances.

When unsuspecting victims tried to yell the airdrop fishing non-fungible tokens (NFTs), they signed malicious transactions permitting the attackers to drain their wallets. The airdrop phishing scammers stole $2.14 million from over 2,189 victims, in response to Rip-off Sniffer.

Another famous scammer was the Solana node drainer, who victimized over 1,700 customers and stole extra than $2 million in lower than two weeks. The node drainer historical a Christmas phishing advertising and marketing campaign to trap victims.

In step with Rip-off Sniffer, the Solana node drainer bagged over $1 million in profit by converting stolen USDC to Ethereum (ETH) the use of AllBridge.

Not like Ethereum, where most thefts occur attributable to approval elements, on Solana, the most well-known phishing trick entails tricking of us into making convey transfers. Solana does strengthen transaction simulation, nonetheless some sneaky ideas take hang of profit of anti-simulation measures and mistaken simulation results. Right here is carried out to confuse customers and draw them extra likely to fall for malicious signature schemes.

What is extra pertaining to, nonetheless, is that the Solana blockchain doesn’t have a NFT blacklist scheme that prevents malicious actors from showing them. This implies that the attackers can proceed with their phishing campaigns without desiring to deploy unusual mistaken NFTs to trap victims.

Interestingly, these phishing assaults took position in the an analogous month that Shakeeb Ahmed pleaded guilty to stealing $12 million by exploiting Solana decentralized finance (DeFi) applications in 2022. Ahmed’s guilty plea ended in the first beautiful contract fraud conviction closing month. Ahmed is scheduled to be sentenced in March 2024.