Beware of Solana Phishing Attacks: Wallet Owner Permissions May Be Altered

Background

Recently, we acquired a request for help from a consumer who fell sufferer to a phishing assault on the identical day. The consumer found irregular authorization data of their pockets and was unable to revoke the permissions. The affected pockets deal with offered is 9w2e3kpt5XUQXLdGb51nRWZoh4JFs6FL7TdEYsvKq6Wb.

Through our on-chain evaluation, we discovered that the Owner permission of the consumer’s account had already been transferred to the deal with GKJBELftW5Rjg24wP88NRaKGsEBtrPLgMiv3DhbJwbzQ. In addition, the consumer had already misplaced greater than USD 3 million in property, and one other USD 2 million price of property had been locked in DeFi protocols and couldn’t be moved. (This portion of roughly USD 2 million has since been efficiently recovered with the help of the related DeFi protocols.)

The sufferer tried to provoke a switch from the compromised account to their very own deal with to confirm management, however all transactions failed. This scenario is very just like the regularly seen “ .

About SlowMist

SlowMist is a menace intelligence agency centered on blockchain safety, established in January 2018. The agency was began by a group with over ten years of community safety expertise to turn into a worldwide drive. Our purpose is to make the blockchain ecosystem as safe as attainable for everybody. We are actually a famend worldwide blockchain safety agency that has labored on numerous well-known tasks akin to HashKey Exchange, OSL, MEEX, BGE, BTCBOX, Bitget, BHEX.SG, OKX, Binance, HTX, Amber Group, Crypto.com, and so forth.

SlowMist presents a range of companies that embody however aren’t restricted to safety audits, menace info, protection deployment, safety consultants, and different security-related companies. We additionally supply AML (Anti-money laundering) software program, MistEye (Security Monitoring), SlowMist Hacked (Crypto hack archives), FireWall.x (Smart contract firewall) and different SaaS merchandise. We have partnerships with home and worldwide companies akin to Akamai, BitDefender, RC², TianJi Partners, IPIP, and so forth. Our in depth work in cryptocurrency crime investigations has been cited by worldwide organizations and authorities our bodies, together with the United Nations Security Council and the United Nations Office on Drugs and Crime.

By delivering a complete safety resolution personalized to particular person tasks, we will determine dangers and forestall them from occurring. Our group was capable of finding and publish a number of high-risk blockchain safety flaws. By doing so, we may unfold consciousness and lift the safety requirements within the blockchain ecosystem.