ArecentphishingattacktargetingaSolanauserhasresultedinsignificantlosses.AsperScamSniffer,aWeb3anti-scamplatform,theSoalnauserreportedlylostnearly$40,000in$BONKand$SOLtokenswiththeincidenttakingplaceonthe24thofOctober.Theanti-scamplatformtooktosocialmediatodiscusstheimpactofthephishingattack.
⚠️4daysago,avictimlostaround$40,000in$SOLand$Bonkaftersigningaphishingsignature.💸https://t.co/zfEXvOKQoBpic.twitter.com/AvDAW8O7o2
—ScamSniffer|Web3Anti-Scam(@realScamSniffer)October26,2024
RecentPhishingAttackonSolanaUserLetstheAttackerDraintheWallet
InitslatestXpost,ScamSnifferpointedoutthattheSolanaphishingattackdenotesvulnerabilitiesinsigningblockchaintransfers.Thevictimexperiencedthephishingattackwhileendeavoringtosignaseeminglystandardrequestforsignature.Nonetheless,thisinnocuousinteractionmaliciouslygavecontroltotheattackerwhodrainedthewallet.Hence,thisattemptresultedinacompromiseonthe$SOLholdingsandtokenaccountsofthevictim.
InSolana,someonecangetunapprovedcontroloveravictim’sassetsifthevictimsignsthetransactionorgrantsaccess.Thismakesitcriticalforconsumerstocomprehendtherisksthatthesignaturerequestspose.Solana’sexclusivecharacteristicsincludeaswiftblockspeed,contributingtothenetworkefficiency,nevertheless,itcanposesomerisks.ScamSnifferassertedthattherespectivespeeddifferencedevelopsabreakbetweentheon-chainstateandthewalletsimulationstate.
ScamSnifferEncouragesSolanaUserstoScrutinizeAccessRequestsandDouble-CheckTransactions
Therespectiveattackvectordoesnotappearnew.Formerly,someothersuchcaseshavealsobeenreported.Thesescamsexploitedthesimulationandon-chaindifferences.AccordingtoScamSniffer,Solanausersneedtostayawayfromsigningrequestscomingfromsuspiciousorunfamiliarsources.Additionally,theyneedtodouble-checktransactionsbeforeauthorizingastrangeaccessrequest.Moreover,Solanaencouragesuserstoscrutinizeapplicationsandsitesthatrequestaccess,becausephishingscamsmostlyoriginatefromcompromisedorfakewebsites.
blockchainreporter.net