Solana is allegedly facing large-scale drain attacks tied to meme coins, with developers urging users to secure assets by revoking app permissions.
The Solana ecosystem is allegedly grappling with a wave of drain attacks, leading to numerous reports of financial losses due to unauthorized access. Blockchain developers have urged users on X to revoke their permissions from decentralized applications in an effort to isolate their funds from potential exploitation by malicious actors.
🚨 There is currently widespread news of wallets being drained on Solana with no culprit yet to be identified.
We recommend disconnecting from applications at this time.
— Compendium (@CompendiumFi) March 29, 2024
You might also like: Stablecoin protocol Prisma Finance hacked for over $11m
Although the precise origin of the attack remains unclear, some have implicated BONKbot, a Telegram trading bot operating within the Solana network, as a potential catalyst for the breach. However, developers associated with the project have denied any accusations, while admitting that the “exploits” have indeed surfaced within the broader ecosystem.
TLDR: BONKbot is SAFE – but there are exploits being triggered elsewhere in the ecosystem!
Our logs show that every user account being drained has previously exported their private keys. There are also non-BONKbot wallets being drained. BONKbot users who did not export their…
— BONKbot (@bonkbot_io) March 29, 2024
According to statements from the BONKbot team, victims whose wallets were compromised had previously exported their private keys. The team also emphasized that users who refrained from such actions remain unaffected, asserting that “BONKbot users who did not export their keys are SAFE.”
This incident is not the first instance of the Solana ecosystem facing a significant drain attack. In October 2022, crypto.news reported on a large-scale exploit in the ecosystem that impacted thousands of users, amounting to over $5 million in total losses. The incident purportedly originated from Slope Finance, with numerous affected addresses linked to its creation, importation, or utilization within the mobile wallet application.
Read more: Ledger library flaw affects SushiSwap, Revoke.cash dapps
Read the full article here