The drainers, available on scam-as-a-service marketplaces, can flip a conditional within an on-chain transaction.
Web3 security firm Blowfish has detected two new Solana drainers that can perform bit-flip attacks, according to a Feb. 9 analysis shared on X (formerly Twitter).
The drainers, known as ‘Aqua’ and ‘Vanish,’ were flagged modifying a conditional within on-chain data, even after a user’s private key was used to sign a transaction. According to Blowfish, the drainers’ script is available for a fee in marketplaces offering scam-as-a-service tools.
The Blowfish team broke down the drainers’ method to flip data and steal funds. “On Solana, a dApp can be given authority to submit a transaction. If the dApp’s onchain program includes a conditional that allows it to send the user SOL or drain their account, a drainer could flip that conditional at any time,” reads the analysis.