Blowfish Unveils Two New Solana Drainers, Aqua and Vanish, Capable of Stealthy Bit-Flip Attacks

In a recent development, Blowfish, a Web3 security firm, has uncovered two new Solana drainers, ‘Aqua’ and ‘Vanish,’ capable of executing bit-flip attacks within on-chain transactions. The alarming revelation was shared in a detailed analysis on X (formerly Twitter) on February 9.

These drainers, available for a fee on scam-as-a-service marketplaces, were observed manipulating conditionals within on-chain data, even after the user’s private key had been utilized for transaction signing. Blowfish dissected the drainers’ methodology, highlighting the potential for unauthorized flipping of conditionals by dApps with transaction authority on Solana.

The victims initially remain unaware as they sign what appears to be a legitimate transaction. However, the drainer temporarily withholds the transaction after receiving the signature. Subsequently, through a separate transaction, the drainers strategically flip the dApp’s conditional, altering it from seemingly sending SOL to instead siphoning funds from the user.

Bit-flip attacks involve manipulating encrypted data by altering specific bits, allowing attackers to modify decrypted messages without knowledge of the encryption key. This latest revelation adds to the growing number of crypto drainers targeting the Solana ecosystem. Chainalysis reports a surge in Solana wallet drainer kit communities, with one boasting over 6,000 members as of January.

To counter these threats, Blowfish has implemented defensive measures to automatically block the newly identified drainers while actively monitoring on-chain activities. As the crypto space continues to face evolving security challenges, the industry remains vigilant in adapting and fortifying defenses against such sophisticated attacks.