Blowfish exposes ‘aqua, vanish’ bit-flip drainers on Solana
Web3 security company Blowfish recently detected a pair of sophisticated Solana (SOL) transaction drainers capable of executing elusive bit-flip attacks.
The firm’s Feb. 9 analysis details how these drainers, dubbed aqua and vanish, can alter a condition in on-chain data after the user has signed the transaction with their private key.
These dangerous scripts lurking under the transactional radar are being peddled on the dark web, offering scammers a scam-as-a-service toolkit.
The Blowfish examination highlights the drainers’ adept use of the on-chain authority provided to decentralized apps (dapps), enabling them to switch from transaction facilitators to malicious account-draining entities.
According to the security firm, the troubling aspect of these attacks is their stealth; victims initially see valid transactions, which are then intercepted and manipulated by the attackers to extract cryptocurrency from the user’s account.
Such bit-flip attacks threaten transaction integrity by flipping bits in the encrypted data, altering the decrypted message without accessing the encryption key.
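The general property in the sentence above, as an added example that is not taken from Blowfish's analysis: ciphertext without an integrity check can be altered so that it decrypts to a different message, and a verified authentication tag rejects the change. The toy keystream cipher, keys, nonce and message are constructed for illustration and do not represent Solana's transaction format.

```python
import hashlib
import hmac

# Constructed sample values; the cipher is a toy, not Solana's transaction format.
ENC_KEY, MAC_KEY, NONCE = b"E" * 32, b"M" * 32, b"N" * 12
MSG = b"to=alice;amount=0000010"

def keystream(key, nonce, n):
    """Toy keystream: SHA-256 over key, nonce and a counter."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def crypt(key, nonce, data):
    """Encrypt or decrypt: XOR with the keystream is its own inverse."""
    return xor(data, keystream(key, nonce, len(data)))

def seal(plaintext):
    """Encrypt-then-MAC: the tag covers the nonce and the ciphertext."""
    ct = crypt(ENC_KEY, NONCE, plaintext)
    return ct, hmac.new(MAC_KEY, NONCE + ct, hashlib.sha256).digest()

def open_sealed(ct, tag):
    """Verify the tag before decrypting; reject any modified ciphertext."""
    expected = hmac.new(MAC_KEY, NONCE + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("ciphertext was modified")
    return crypt(ENC_KEY, NONCE, ct)

def flip_bits(ct, offset, old, new):
    """XOR (old ^ new) into the ciphertext at offset; no key is involved."""
    delta = xor(old, new)
    end = offset + len(delta)
    return ct[:offset] + xor(ct[offset:end], delta) + ct[end:]

def demo():
    ct, tag = seal(MSG)
    altered = flip_bits(ct, MSG.index(b"0000010"), b"0000010", b"9999999")
    without_check = crypt(ENC_KEY, NONCE, altered)  # decrypts with no error
    try:
        open_sealed(altered, tag)
        rejected = False
    except ValueError:
        rejected = True
    return without_check, rejected
```

`demo()` returns the altered plaintext that an unchecked decryption would accept, together with a flag showing that the encrypt-then-MAC path refused the same ciphertext.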
The discovery has cast a spotlight on the evolving cyber threat landscape within Solana’s network. This increasing threat is underscored by a Chainalysis report that discloses a large community associated with a Solana wallet drainer kit, teeming with over 6,000 participants as of January.
These drainers symbolize the ease with which cybercriminal tools can now be acquired and employed, particularly as Solana gains traction as a prime target due to its rising fame.
In response to this growing menace, Blowfish stated it had implemented automatic defenses to neutralize these new drainers while continuing to monitor on-chain activity vigilantly.
However, foolproof security remains out of reach despite these efforts, as attackers continually evolve and refine their evasion tactics.
The firm’s investigation also unearthed international elements at play, with suspected Russian developers notably involved in crafting and circulating such drainer tools — often accompanied by Russian documentation.
Finally, community solidarity has become crucial in the fight against these threats, with blockchain advocates rallying together to develop and employ protective measures like Wallet Guard, enhancing user defenses against such predatory phishing-oriented attacks.
Zug, Switzerland-based Blowfish works with some 30 customers, including WalletConnect, to help prevent over 500,000 wallet-draining attacks.