Solana: Phishing attacks cost users $4 million last month
- Nearly 4,000 people fell victim to sophisticated phishing websites.
- Solana was deemed the most vulnerable when it came to phishing incidents.
Malicious players stole crypto assets worth more than $4 million from Solana [SOL] wallets over the past month, according to an investigation by Web3 anti-scam platform Scam Sniffer.
Nearly 4,000 people fell victim to sophisticated phishing websites that preyed on Solana users.
As part of the investigation, Scam Sniffer tracked down two main perpetrators in the entire episode — Rainbow Drainer and Node Drainer.
Solana users attacked
The first incident came to light when a victim was duped into opening a phishing website linked to a fake airdrop of non-fungible tokens (NFTs). The user opened the website and signed a malicious transaction, resulting in a loss of assets.
Many more users were targeted using the same modus operandi by Rainbow Drainer.
Surprisingly, before finalizing the transaction, users received a notification indicating that the simulation had failed. Despite this, they went ahead and ended up losing funds.
Notably, around $2.14 million were drained out, including some popular Solana ecosystem tokens like BONK and ZERO.
The next phishing incident surfaced during Christmas that targeted BONK holders, resulting in the extraction of over $2 million in less than two weeks.
One address associated with Node drainer has already made over $1 million in profit as of this writing.
The perpetrator here, called Node Drainer, was also involved in the recent hacking of cybersecurity firm Mandiant’s X (formerly Twitter) account, Scam Sniffer revealed.
Scam Sniffer stated that phishing incidents on Solana involve direct transfers, unlike Ethereum [ETH].
Even though Solana supports transaction simulation, evolved hacking strategies like anti-simulation and even fake simulation continue to deceive users.
How much are 1,10,100 SOLs worth today?
Rise in phishing incidents
In one of the earlier reports, Scam Sniffer highlighted the alarming increase in the number of phishing websites every month. This was also in line with the steady growth of wallet drainer services.
Be wary of fake airdrops
In one of the incidents discussed earlier, airdrops were used as a weapon to wipe out funds. Such cases require extra prudence from the users, and it’s always advisable to research before jumping on the offer.
One should take time to know more about the project, and other investors who are participating in it. Needless to say, stick to official sources and spot red flags like sending any kind of crypto asset before being able to claim airdropped tokens.