Solana users urged to revoke app permissions amid massive drain attack

According to reports, Solana may be under attack from massive drain operations linked to meme coins. Developers are advising users to safeguard their assets by withdrawing app authorizations.

In simple terms, there are claims that the Solana network is facing a series of drain attacks, resulting in several reports of unauthorized access and financial losses for users. To protect their assets, developers of decentralized applications on the Solana blockchain advise users to withdraw their permissions, thereby shielding their funds from potential misuse by ill-intentioned individuals.

Alert: Many reports are circulating about Solana wallets being emptied without a known perpetrator. It’s advisable to log out of connected apps for now.

— Compendium (@CompendiumFi) March 29, 2024

The source of the attack is not definitively known, but some suspect BONKbot, a Telegram trading bot based in the Solana system, as a possible instigator. Yet, those linked to the project reject these allegations, acknowledging that vulnerabilities have emerged in the wider community instead.

The BONKbot is secure itself, but issues such as exploits exist in other parts of the ecosystem. Our records indicate that all drained user accounts had previously shared their private keys. Additionally, wallets not associated with BONKbot are also being affected. Users who didn’t share their keys with BONKbot are unaffected.

— BONKbot (@bonkbot_io) March 29, 2024

Based on reports from the BONKbot team, individuals whose wallets were hacked had previously exported their private keys. The team reassured users who didn’t perform this action, stating “Users of BONKbot who didn’t export their keys are secure.”

The Solana ecosystem has experienced a major drain attack before, as reported by in October 2022. This incident led to significant losses for over thousands of users, totaling over $5 million. The attack is believed to have originated from Slope Finance, with many affected addresses linked to the wallet application’s creation, importation, or usage.

Read More

2024-03-29 15:41