Web3 security firm Blowfish has recently detected two new Solana drainers capable of performing bit-flip attacks. These drainers, known as Aqua and Vanish, were flagged for modifying a conditional within on-chain data, even after a user’s private key was used to sign a transaction1.
How Do These Drainers Work?
- Conditional Manipulation: On the Solana blockchain, a decentralized application (dApp) can be authorized to submit a transaction. If the dApp’s on-chain program includes a conditional that allows it to send the user SOL (the native token of Solana) or drain their account, a drainer could flip that conditional at any time.
- Victim Unaware: Initially, the victim signs what appears to be a valid transaction. However, after receiving the signature, the drainer temporarily holds onto the transaction. Then, via a separate transaction, they flip the dApp’s conditional, causing it to appear as if it’s sending SOL but actually taking it instead.
There’s a completely new breed of scams on the loose, and they're not like anything we've seen before!
Imagine: a transaction that appears safe when you sign it, but the moment it's submitted on chain, it suddenly drains your assets.
Sounds like a nightmare, doesn't it? pic.twitter.com/VkD4Cbhnh0
— Blowfish (@blowfishxyz) February 9, 2024
Bit-Flip Attacks Explained
A bit-flip attack is a form of exploitation where an attacker changes specific bits in encrypted data to manipulate a system. By flipping these bits, the attacker can modify the encrypted message without knowing the encryption key. In the case of Solana drainers, this manipulation occurs within the blockchain itself, affecting users’ assets1.
Growing Threat to Solana Ecosystem
The Solana ecosystem has seen a rising number of crypto drainers. According to Chainalysis, one of the largest online communities devoted to a single Solana wallet drainer kit had over 6,000 members as of January. These kits can target various assets in different ways, making them a significant concern for users and security experts alike.
Stay Vigilant
While the Blowfish team has put defenses in place to automatically block the newly discovered drainers, it’s essential for Solana users to remain vigilant. Always verify transactions carefully, especially when dealing with conditional operations, and consider additional security measures to protect your assets.