Scam-as-a-Service on Solana Identified: Here’s What You Need to Know

By Jody McDonald February 12, 2024 In Cryptos, Solana
Source: Adobe Stock
  • Crypto security firm Blowfish has identified a new type of attack impacting Solana, dubbing them ‘bitflip attacks’.
  • ‘Bitflip attacks’ allow seemingly legitimate transactions to be altered after they’ve been cryptographically signed, to drain users’ wallets.
  • Scripts to run ‘bitflip attacks’ are being sold on scam-as-a-service marketplaces, making them much easier to run.
  • Blowfish said it is currently auto-blocking all these attacks on the Solana network as it works toward implementing a permanent solution.

Crypto security firm, Blowfish, has identified a novel class of attack impacting the Solana ecosystem, which it has dubbed a ‘bitflip attack’. Blowfish considers these attacks to be especially dangerous as they allow ostensibly legitimate transactions to be modified in a post-hoc fashion to later drain users’ wallets by ‘flipping’ specific bits to change transaction details.

Worryingly, scripts to run these attacks are being sold on ‘scam-as-a-service’ marketplaces, allowing virtually anyone to run them, even those with little technical expertise.

What The (Bit) Flip?

In an X thread posted on Saturday, Blowfish described these new attacks, explaining it had identified two new ‘drainer’ scripts available on scam marketplaces named ‘Aqua’ and ’Vanish’, that were using the ‘bitflip’ attack.

Essentially, a ‘bitflip’ attack is possible because dApps running on Solana can be given permission to submit transactions and these transactions can include conditional code to either transfer money into a wallet or drain money out of a wallet. 


‘Bitflip’ drainers can flip this conditional even after a transaction has been cryptographically signed. This means that seemingly legitimate transactions can be changed after the fact by these ‘bitflip’ drainer scripts to drain users’ wallets.

Solution In The Works 

Blowfish says it’s been aware of these attacks for a while and has been working with its partners to mitigate their impact. According to Blowfish all these ‘bitflip’ attacks on the Solana network are currently being ‘auto-blocked’ as they work towards implementing a more permanent solution.

The past week has been rough for Solana. ‘Bitflip’ attack revelations are just the latest piece of bad news to hit the network—last week it experienced a significant outage after a relatively long period of uninterrupted uptime in the wake of the high-profile Jupiter airdrop.

Jody McDonald

Jody McDonald

Jody is a Brisbane-based freelance writer who specialises in writing about business, technology, and the future of work.

You may also like