A recent phishing incident has resulted in a Solana user losing a substantial amount of money. Scam Sniffer, a Web3 anti-scam platform, reported that the victim lost approximately $40,000 in $BONK and $SOL tokens on October 24th. The platform took to social media to discuss the impact of the phishing attack.
The latest post from Scam Sniffer highlights the vulnerabilities in signing blockchain transfers that were exposed by the Solana phishing attack. The user fell victim to the attack while signing what appeared to be a routine signature request. However, this seemingly innocent action handed control over to the attacker, who proceeded to drain the victim’s wallet. As a result, the victim’s $SOL holdings and token accounts were compromised.
On Solana, an unauthorized party can gain control over a user’s assets if the user signs a transaction or grants access. It is crucial for consumers to understand the risks associated with signature requests. While Solana’s fast block speed contributes to network efficiency, it also poses certain risks. Scam Sniffer emphasizes that this speed creates a disconnect between the on-chain state and the wallet’s simulation state.
This attack vector is not new, as similar cases have been reported in the past. These scams exploit the differences between the simulation and on-chain states. Scam Sniffer advises Solana users to avoid signing requests from suspicious or unfamiliar sources. It is also important to double-check transactions before authorizing any unusual access requests. Solana encourages users to thoroughly scrutinize applications and websites that request access, as phishing scams often originate from compromised or fake websites.