Web3 security firm Blowfish has detected two new Solana drainers that can perform bit-flip attacks, according to a Feb. 9 analysis shared on X (formerly Twitter).
The drainers, known as ‘Aqua’ and ‘Vanish,’ were flagged modifying a conditional within on-chain data, even after a user’s private key was used to sign a transaction. According to Blowfish, the drainers’ script is available for a fee in marketplaces offering scam-as-a-service tools.
The Blowfish team broke down the drainers’ method to flip data and steal funds. “On Solana, a dApp can be given authority to submit a transaction. If the dApp’s onchain program includes a conditional that allows it to send the user SOL or drain their account, a drainer could flip that conditional at any time,” reads the analysis.
The drainers go unnoticed by users at first. The victim signs what appears to be a valid transaction. However, after receiving the signature, the drainer temporarily holds on to the transaction. “Then, via a separate transaction, they flip the dApp’s conditional; it goes from appearing to send SOL to taking it instead.”
There’s a completely new breed of scams on the loose, and they’re not like anything we’ve seen before!
Imagine: a transaction that appears safe when you sign it, but the moment it’s submitted on chain, it suddenly drains your assets.
Sounds like a nightmare, doesn’t it? pic.twitter.com/VkD4Cbhnh0
— Blowfish (@blowfishxyz) February 9, 2024
A bit-flip attack is a form of exploitation where the attacker changes the value of some bits in the encrypted data to…