Solana’s Drainer Community: 6,000+ Members Exposed By Chainalysis

Chainalysis reports that the largest community engaged in Solana draining activities comprises over 6,000 members. The rise in SOL wallet drainer activity correlates with the recent surge in SOL prices, which has made holders of SOL and Solana-based memecoins attractive targets for phishing attempts.

Blockchain security firms have expressed growing concern over the proliferation of malicious decentralized applications that use Solana-based drainers against users. In response to this trend, Chainalysis senior intelligence analyst Brian Carter told Tronweekly that the most successful drainer kits are characterized by flexibility, employing various methods to target diverse assets.

Carter also highlighted the connection between Russia and a small group of developers selling drainer kits. Notably, the documentation for these kits is often presented in Russian. According to Carter, the largest community dedicated to a specific Solana drainer boasts more than 6,200 members. He said:

“There is really one successful dedicated Solana drainer kit that is promoted in multiple channels that links to the same developer. Most of the drainer kits used in crimes today are not specific or limited to Solana.”

To counter the escalating threat, he recommended employing protective tools such as Wallet Guard, which recently incorporated defenses against SOL drainers. Emphasizing that phishing through malicious links remains a prevalent attack vector, he highlighted the exploitation of people’s FOMO (fear of missing out). 

Solana Drainer Kits: A Rising Threat In DeFi Communities

In decentralized finance (DeFi) communities, drainers often spam users with links to seemingly legitimate but ultimately fraudulent websites. Compromised social media accounts and Discord communities frequently serve as conduits for promoting drainer website links.

According to insights from blockchain security firm CertiK, cybercriminals began offering SOL drainer kits to scammers in December. These kits, available for as little as $250 per month, are circulated within private hacker chat groups and the dark web. 

Crafted to facilitate cyber theft by draining funds from digital wallets, crypto drainer kits primarily operate through phishing scams, enticing victims to input their wallet details on deceptive websites.

While the exact extent of losses across all SOL drainers remains unclear, CertiK analyst Joe Green highlighted a similar approach observed in Ethereum Virtual Machine (EVM) drainers, where the provider takes a percentage of the stolen assets.

“Phishing on the Solana network isn’t new,” Green noted, “but with the resurgence of Solana’s price, cybercriminals are beginning to focus on targeting individuals in the ecosystem.” SOL prices have surged more than 400% over the past three months.

On January 2, Web3 security firm Blockaid reported a significant incident where a specific Solana drainer pilfered hundreds of thousands of dollars worth of SOL and SPL tokens. 

Describing these drainers as highly sophisticated, Blockaid highlighted their ability to deceive the simulations used by Solana wallets, leading users to unwittingly sign malicious transactions.