Malicious Solana Wallet Security Update Raked in Millions

Hackers use several types of Malware to disrupt and gain unauthorized access to data and information. One such Malware that has continued to erode people of their digital assets and disguise them as a trusted update is the NFT airdrop targeting Solana cryptocurrency users. 

Previous Solana Wallet Hacks

In the past few weeks, Non-fungible token holders have reported several theft cases and malfunctioning of their Solana wallets. In a report, about 8,000 wallets fell victim to similar Malware and lost about $8 million worth of digital assets. 

After a while, the Malware was analyzed, and results showed that unknown hackers had sent NFT airdrops to Solana cryptocurrency users. These airdrops are not airdrops in their real form; they are Malware disguised as airdrops for unsuspecting NFT holders. 

These hackers understand that holders of NFTs and enthusiasts are always anxious to receive airdrops. So they used that as bait. The first thing they did was to pose as members of the Phantom wallet security update; then they sent these messages "PHANTOMUPDATE.COM" or "UPDATEPHANTOM.COM." 

How Was the Hack Executed

Every individual who fell victim thought it was a standard update message from the Phantom wallet security team, and they clicked on the link.

So once you click on the link thinking that a new security update for the Phantom wallet has been released and can be downloaded, your wallet gets compromised. Thereby giving hackers access to your browser data, history, cookies, passwords, SSH keys, and other information. 

Interestingly, the hackers attached a prompt message that if you fail to click on the link and download the update (which in its real sense is Malware), it "may result in loss of funds due to hackers exploiting the Solana network." 

Another finding also showed that Solana's wallet service, Slope, had security vulnerabilities and easily compromised users' data.

This vulnerability and the Malware automatically downloaded from GitHub when you click the "update" link are intended to steal your crypto tokens, other digital assets, and data from your wallet.  

Past Malware Hacks

It is important to know that this is not the first time Malware has been deployed to steal people's funds. One such Malware that went viral was the Mars Stealer, who stole crypto tokens from unsuspecting users. The Malware, popularly called Mars Stealer, is an upgrade of the Oski trojan. In 2019, Mars Stealer was used to targeting over 40 browser-based crypto wallets.  

The Malware also targets two-factor authentication (2FA) extensions with a grabber function deployed to steal users' private keys.

As blockchain protocol and wallet developers improve their security architecture, hackers are devising several ways to compromise them.

To keep your wallet safe, it is therefore important to be wary of updates and ensure they are from trusted parties.