Over 4k Solana users lost more than $4 million to phishing attacks last month Over 4k Solana users lost more than $4 million to phishing attacks last month
One of the prominent attackers of last month has already made a profit of over $1 million by converting stolen USDC to ETH using AllBridge.
2 min read
Updated: Jan. 14, 2024 at 4:49 pm UTC
Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.
Phishing scammers have siphoned off over $4 million from Solana wallets in December 2023, according to estimates posted on X by Scam Sniffer, a scams tracker. The attacks affected around 4,000 users, according to the Scam Sniffer.
The stolen assets include those robbed by the rainbow attacker through an airdrop phishing attack. The scammers employed “anti-simluation techniques” that prevented wallets from reflecting changed balances.
When unsuspecting victims tried to claim the airdrop fishing non-fungible tokens (NFTs), they signed malicious transactions allowing the attackers to drain their wallets. The airdrop phishing scammers stole $2.14 million from over 2,189 victims, according to Scam Sniffer.
Another notable scammer was the Solana node drainer, who victimized over 1,700 users and stole more than $2 million in less than two weeks. The node drainer used a Christmas phishing campaign to lure victims.
According to Scam Sniffer, the Solana node drainer bagged over $1 million in profit by converting stolen USDC to Ethereum (ETH) using AllBridge.
Unlike Ethereum, where most thefts happen due to approval issues, on Solana, the main phishing trick involves tricking people into making direct transfers. Solana does support transaction simulation, but some sneaky methods take advantage of anti-simulation measures and fake simulation results. This is done to confuse users and make them more likely to fall for malicious signature schemes.
What is more concerning, however, is that the Solana blockchain does not have a NFT blacklist system that prevents malicious actors from displaying them. This means that the attackers can continue with their phishing campaigns without needing to deploy new fake NFTs to lure victims.
Interestingly, these phishing attacks took place in the same month that Shakeeb Ahmed pleaded guilty to stealing $12 million by exploiting Solana decentralized finance (DeFi) applications in 2022. Ahmed’s guilty plea led to the first smart contract fraud conviction last month. Ahmed is scheduled to be sentenced in March 2024.
Author 
Monika Ghosh
In 2020, Monika immersed herself in crypto, maintaining skepticism yet firmly believing blockchain could address key issues like financial disparity and transparency. A book-lover, she's also a passionate food enthusiast.
Editor Editor 
News Desk
CryptoSlate is a comprehensive and contextualized source for crypto news, insights, and data. Focusing on Bitcoin, macro, DeFi and AI.
Latest Solana Stories
In this article
Solana is a high-performance blockchain platform that utilizes a unique consensus algorithm called “Proof of History” to achieve fast transaction speeds and low fees.