Blowfish, a security firm specializing in Web3 technologies, has uncovered two new threats targeting the Solana blockchain, labeled "Aqua" and "Vanish." These Solana drainers are capable of executing bit-flip attacks, according to an analysis Blowfish shared on X (formerly Twitter) on February 9.
These newly discovered drainers, Aqua and Vanish, have raised concerns due to their ability to tamper with on-chain data conditions even after a user's private key has been utilized to sign a transaction. Blowfish's analysis highlights that these drainer scripts are available for purchase on platforms offering "scam-as-a-service" tools.
Blowfish's investigation has revealed the modus operandi of these Solana drainers. They exploit a vulnerability in Solana dApps, which are granted permission to submit transactions: the drainers manipulate conditions within on-chain programs, potentially resulting in the unauthorized transfer of funds or account depletion.
Initially undetected by users, the drainer executes its scheme following the signing of a seemingly legitimate transaction. Subsequently, the drainer temporarily stalls the transaction and, through a separate action, alters the conditions of the dApp, creating a scenario where it appears to be sending funds but actually receives them instead.
Bit-flip attacks, the method employed by these drainers, involve the manipulation of encrypted data by modifying specific bits, thereby altering the decrypted message without requiring knowledge of the encryption key. This tactic poses a significant threat to the integrity of transactions and user assets within the Solana ecosystem.
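
The general property described above, shown as an added example that is not Blowfish's analysis or code from the drainers: flipping ciphertext bits changes the decrypted message without the key, and an integrity tag over the ciphertext detects the change. The toy SHA-256 keystream cipher, the keys and the `direction=...` message are constructed for illustration and do not represent Solana's transaction format.

```python
import hashlib
import hmac

def keystream(key, nonce, n):
    """Toy keystream (SHA-256 in counter mode); illustration only, not a vetted cipher."""
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor_crypt(key, nonce, data):
    """Encrypt or decrypt by XOR with the keystream (the same operation both ways)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

def flip(ciphertext, offset, old, new):
    """Change known plaintext bytes at a known offset without using the key."""
    patched = bytearray(ciphertext)
    for i, (o, n) in enumerate(zip(old, new)):
        patched[offset + i] ^= o ^ n   # XOR difference carries through decryption
    return bytes(patched)

def seal(enc_key, mac_key, nonce, plaintext):
    """Encrypt-then-MAC: the HMAC tag covers the nonce and the ciphertext."""
    ct = xor_crypt(enc_key, nonce, plaintext)
    return ct, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, nonce, ct, tag):
    """Verify the tag before decrypting; reject any modified ciphertext."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: ciphertext was modified")
    return xor_crypt(enc_key, nonce, ct)

# Constructed sample keys, nonce and message.
ENC_KEY, MAC_KEY, NONCE = b"k" * 32, b"m" * 32, b"n" * 12
MESSAGE = b"direction=recv;amount=0010"

def demo():
    ct, tag = seal(ENC_KEY, MAC_KEY, NONCE, MESSAGE)
    tampered = flip(ct, 10, b"recv", b"send")             # no key involved
    unauthenticated = xor_crypt(ENC_KEY, NONCE, tampered)  # decrypts "cleanly"
    try:
        open_sealed(ENC_KEY, MAC_KEY, NONCE, tampered, tag)
        detected = False
    except ValueError:
        detected = True
    return unauthenticated, detected

if __name__ == "__main__":
    print(demo())
```
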
The surge in such cryptocurrency-related threats targeting Solana is indicative of a growing trend. According to Chainalysis data, there has been a notable increase in the number of individuals involved in Solana wallet cleaning toolkits, highlighting the escalating risks faced by users navigating the blockchain landscape.
To mitigate the impact of these emerging threats, the Blowfish team has implemented proactive defensive measures, including automatic blocking of newly identified drainers and continuous monitoring of on-chain activity to preemptively thwart malicious activities.