Scam-as-a-Service on Solana Identified: Here's What You Need to Know

Crypto security firm Blowfish has identified a new type of attack impacting Solana, dubbing them ‘bitflip attacks’.
‘Bitflip attacks’ allow seemingly legitimate transactions to be altered after they’ve been cryptographically signed, to drain users’ wallets.
Scripts to run ‘bitflip attacks’ are being sold on scam-as-a-service marketplaces, making them much easier to run.
Blowfish said it is currently auto-blocking all these attacks on the Solana network as it works toward implementing a permanent solution.

Crypto security firm, Blowfish, has identified a novel class of attack impacting the Solana ecosystem, which it has dubbed a ‘bitflip attack’. Blowfish considers these attacks to be especially dangerous as they allow ostensibly legitimate transactions to be modified in a post-hoc fashion to later drain users’ wallets by ‘flipping’ specific bits to change transaction details.

Worryingly, scripts to run these attacks are being sold on ‘scam-as-a-service’ marketplaces, allowing virtually anyone to run them, even those with little technical expertise.

What The (Bit) Flip?

In an X thread posted on Saturday, Blowfish described these new attacks, explaining it had identified two new ‘drainer’ scripts available on scam marketplaces named ‘Aqua’ and ’Vanish’, that were using the ‘bitflip’ attack.

This is how it works:
First, the victim signs a seemingly benign transaction. When the drainer receives the signature, they hold onto it temporarily.
Then, via a separate transaction, they flip the dApp’s conditional; it goes from appearing to send SOL to taking it instead.
— Blowfish (@blowfishxyz) February 9, 2024

Essentially, a ‘bitflip’ attack is possible because dApps running on Solana can be given permission to submit transactions and these transactions can include conditional code to either transfer money into a wallet or drain money out of a wallet.

‘Bitflip’ drainers can flip this conditional even after a transaction has been cryptographically signed. This means that seemingly legitimate transactions can be changed after the fact by these ‘bitflip’ drainer scripts to drain users’ wallets.

Solution In The Works

Blowfish says it’s been aware of these attacks for a while and has been working with its partners to mitigate their impact. According to Blowfish all these ‘bitflip’ attacks on the Solana network are currently being ‘auto-blocked’ as they work towards implementing a more permanent solution.

The good news is that Blowfish has been aware of this potential risk and strategizing with our partners about how to mitigate this attack for a long time.
In <12 hours, we’ve put defenses & monitoring in place, and all such attacks are currently auto-blocked by us.
— Blowfish (@blowfishxyz) February 9, 2024

The past week has been rough for Solana. ‘Bitflip’ attack revelations are just the latest piece of bad news to hit the network—last week it experienced a significant outage after a relatively long period of uninterrupted uptime in the wake of the high-profile Jupiter airdrop.

Credit: Source link