According to Cointelegraph: Web3 security firm, Blowfish, has discovered two new scamming tools, Aqua and Vanish, that are capable of performing bit-flip attacks to drain Solana wallets. The drainers have been found available for purchase on scam-as-a-service marketplaces.
These drainers are capable of manipulating a conditional within an on-chain transaction even after it has been signed using a user's private key. The process involves the victim signing what appears to be a valid transaction, and the drainer then temporarily retaining hold of the transaction before altering the dApp's conditional from seemingly sending SOL to instead draining it.
Bit-flipping attacks are a form of exploitation that enables attackers to alter the value of certain bits within encrypted data and manipulate the system without knowing the encryption key. The decrypted message can often be changed predictably by flipping certain bits.
There has been an increase in the number of crypto drainers targeting the Solana ecosystem, with one of the largest online communities dedicated to a particular Solana wallet draining kit having over 6,000 members as reported in January. According to Brian Carter, a senior intelligence analyst at Chainalysis, the most successful draining kits are capable of targeting various assets in many different ways.
Blowfish has implemented defenses to automatically block these recently discovered drainers and is monitoring on-chain activities to maintain security.
