Please log in or register to do it.

Security experts at Blowfish reveal the emergence of two Solana drainers, named ‘Aqua’ and ‘Vanish,’ capable of executing bit-flip attacks within on-chain transactions. Discovered on scam-as-a-service platforms, these drainers manipulate conditionals in on-chain data, even after a user’s private key has authorized a transaction. Blowfish’s analysis, disclosed on Feb. 9 via X (formerly Twitter), highlights the availability of these drainers for a fee on scam-as-a-service marketplaces.




Blowfish’s investigation exposes the technique employed by Aqua and Vanish to manipulate data and siphon off funds. The analysis clarifies that on Solana, a decentralized application (dApp) can be granted authority to submit a transaction. If the dApp’s on-chain program features a conditional allowing it to transfer the user’s SOL or deplete their account, a drainer can alter that conditional at any given moment.




Importantly, the drainers initially remain inconspicuous to users. Upon signing what appears to be a legitimate transaction, the victim unwittingly provides authorization. Subsequently, the drainer temporarily withholds the transaction and, through a separate transaction, manipulates the dApp’s conditional, transforming it from seemingly sending SOL to actually taking it.



Bitcoin's $6 Billion Whales Propel Price Surge to $48,000: What's Next for BTC?
European Commission Seeks Public Input on AI Misinformation Guidelines for Election Security

Your email address will not be published. Required fields are marked *