Scam-as-a-Service on Solana Identified: Here’s What You Need to Know

Crypto security firm, Blowfish, has identified a novel class of attack impacting the Solana ecosystem, which it has dubbed a ‘bitflip attack’. Blowfish considers these attacks to be especially dangerous as they allow ostensibly legitimate transactions to be modified in a post-hoc fashion to later drain users’ wallets by ‘flipping’ specific bits to change transaction details.

Worryingly, scripts to run these attacks are being sold on ‘scam-as-a-service’ marketplaces, allowing virtually anyone to run them, even those with little technical expertise.

What The (Bit) Flip?

In an X thread posted on Saturday, Blowfish described these new attacks, explaining it had identified two new ‘drainer’ scripts available on scam marketplaces named ‘Aqua’ and ’Vanish’, that were using the ‘bitflip’ attack.

Essentially, a ‘bitflip’ attack is possible because dApps running on Solana can be given permission to submit transactions and these transactions can include conditional code to either transfer money into a wallet or drain money out of a wallet. 

‘Bitflip’ drainers can flip this conditional even after a transaction has been cryptographically signed. This means that seemingly legitimate transactions can be changed after the fact by these ‘bitflip’ drainer scripts to drain users’ wallets.

Solution In The Works 

Blowfish says it’s been aware of these attacks for a while and has been working with its partners to mitigate their impact. According to Blowfish all these ‘bitflip’ attacks on the Solana network are currently being ‘auto-blocked’ as they work towards implementing a more permanent solution.

The past week has been rough for Solana. ‘Bitflip’ attack revelations are just the latest piece of bad news to hit the network—last week it experienced a significant outage after a relatively long period of uninterrupted uptime in the wake of the high-profile Jupiter airdrop.