Experts of the Blowfish Web3 platform specializing in security have discovered two new drainers aimed at Solana (SOL) users. They wrote about this in X (ex. "Twitter").
Aqua and Vanish, new malicious software, can change data after signing a transaction with a user's private key. According to Blowfish, scripts for these drainers are sold on the darknet.
In the Solana blockchain, decentralized applications have the right to send transactions that may contain conditions. They can be changed. This is exactly what the attackers are using. The new software, according to the Blowfish team, works as follows:
- the user signs a seemingly secure transaction to send some amount of SOL;
- the attacker receives this signature and temporarily holds it;
- the cybercriminal then sends a separate transfer in which he modifies the DApp program code;
- when sending an initially signed transaction, the modified program code interacts with it, as a result of which the victim's cryptocurrency leaks from the wallet.
The developers of the security site assured that they have already installed special protection against the found drainers. In addition, they closely monitor their activity on the blockchain.