New data from a cybersecurity firm reveals that recent phishing scams over smart contract platform Solana () have stolen over $4 million in crypto assets.
In a new blog post, security firm Scam Sniffer says that in the past month alone, bad actors were able to exploit $4.17 million worth of digital assets from about 4,000 victims over the Solana blockchain by using various phishing methods.
“Scam Sniffer first became aware of them when a victim reported an airdrop phishing incident to [SlowMist founder] evilcos. The victim, a holder of ZERO tokens, opened a phishing website linked to an NFT (non-fungible token) that was airdropped, which led to the theft of assets after signing a malicious transaction…
The targeted users, holders of ZERO tokens, were airdropped the phishing NFTs. Curiosity led users to open the phishing website, and even when faced with a message indicating that the simulation failed, they confirmed the transaction. However, the details of the transaction were hidden, and signing it resulted in the theft of assets.”
According to Scam Sniffer, the initial hack hauled in a combined $2.14 million worth of memecoins Bonk (ANALOS and Analysoor (ZERO) among others.
The second volley of exploits saw a haul of about $2.02 million worth of ANALOS, BONK, and Silly Dragon (), another meme asset, as well as decentralized wireless phone network Helium Mobile (
The cybersecurity firm goes on to note that hacks over SOL can only be initiated through direct transaction/signature confirmations and that scammers are continually improving their methods.
”Unlike most thefts on Ethereum, which are due to malicious approval issues, the majority of phishing signatures on Solana involve initiating direct transfers. Although Solana supports transaction simulation, we also see methods that exploit anti-simulation and fake simulation results to confuse users and increase the likelihood of malicious signatures…
As you can see, the phenomenon of wallet drainers is continually expanding, and the blockchain is like a dark forest. With just one signature confirmation, you could lose everything, as these scammers are constantly perfecting their methods of contacting and deceiving victims at every step.
You must stay alert to ensure that you do not become the next victim.”
