Hackers have discovered a way to burn tokens directly from users' wallets in the Solana ecosystem.
They do this using the "Permanent Delegate" function, a legitimate feature that can be misused in the wrong hands.
Scammers burn tokens to either profit off the chaos that follows, reduce the circulating supply, or manipulate token prices.
It's important to carefully review transactions before approving and only choose secure DeFi platforms.
In a world of rug pulls and fraud, crypto scams appear to be evolving, and Solana users might be the latest victims.
According to new reports, hackers have figured out a new and scary method to manipulate tokens.
In detail, these bad actors have found a way to exploit an in-built Solana token feature to burn a user's crypto holdings remotely from within their wallets.
When victims get hit by this kind of scam, they end up confused and out of funds, with their crypto there in one minute and gone in the next.
Here's everything to know and how you can protect yourself.
So far, recent reports have surfaced about Solana users buying tokens—only to check again and watch them vanish when their wallets reload.
This issue has been traced back to scammers using a Solana feature called "Permanent Delegate".
Keep in mind that this feature is a legitimate part of Solana's Token 2022 standard, with legit use cases.
However, when used with the right (or wrong) intent, it can grant anyone unrestricted privileges over a user’s wallet, allowing them to burn or transfer tokens without limitations.
A new scam in town
Web3 Strategist Slorg, who is also a member of Jupiter's Core Working Group in Solana, was the first to notice this new trend.
According to the analyst, scammers are using this feature to "rug-pull" victims.
In one instance, a user bought a token named "RED," only to have it all burned within seconds after the initial transaction.
The victim’s wallet and explorer history showed that the transaction clearly happened, but the tokens themselves were nowhere to be found.
As mentioned, the "Permanent Delegate" extension is a legit feature of the Solana ecosystem and has its own set of real-world use cases.
For example, consider a scenario where tokens are accidentally transferred to the wrong user or one where a user's tokens are rendered inaccessible for some reason.
It allows a qualified developer to resolve these issues before they become a big problem quickly.
The feature can even be used for automatic payments and refunds and can be quite powerful when used correctly.
However, Solana’s docs also mention that this feature can be a "double-edged sword" at times.
Despite its valid use cases, it can also be exploited by anyone, as the scammers have demonstrated so far.
When the wrong person gains unrestricted control over a token, they can transfer tokens at will, burn them or steal them altogether with no remedy.
The real question is, why are scammers burning tokens instead of stealing them outright?
It happens that there might be several reasons why a hacker would choose to burn rather than run off with funds.
One reason is that some scammers simply enjoy causing panic. By burning tokens, they can create confusion and frustration among users and possibly profit from the chaos that follows.
Another major reason is to manipulate a token’s circulating supply.
This technique has been used extensively by other projects like Shiba Inu, where if a large enough amount of tokens is burned off the circulating supply, the remainder have a good enough chance of rallying.
Scammers can burn tokens to artificially reduce the number of tokens in circulation and cause "stability" of sorts in the token's price.
This is especially useful if they control a large part of its supply.
As the scams unfold, it almost appears as if nobody is safe. However, it is very important to exercise caution when interacting with any token on the Solana blockchain.
According to Slorg, users should follow a routine when making swaps or other transactions.
To do this, everyone should consider reading all the information presented during the transaction carefully, before approving.
Tools and exchanges like Jupiter have built-in functions to alert users when a token's "Permanent Delegate" extension is active. So, investors should consider choosing their DeFi platforms based on more security than cheap fees.
Overall, the rise of this new scam only shows the changing nature of threats in the crypto space and the growing need to remain vigilant.
Disclaimer: Voice of Crypto aims to deliver accurate and up-to-date information but will not be responsible for any missing facts or inaccurate information. Cryptocurrencies are highly volatile financial assets, so research and make your own financial decisions.