A recent security incident has raised concerns in the Solana community when a user lost over 3 million USD due to sophisticated phishing. The incident exposed risks in Solana’s account structure, where an attacker can change the Owner permission without initiating a fund transfer transaction, making it difficult for victims to detect. Many users mistakenly believe that ownership works the same way as on Ethereum, so they don’t realize that a single signature can alter the entire wallet’s permissions.
According to SlowMist and MistTrack, the attacker manipulated multiple layers of permissions, then cycled assets through cross-chain, CEX, and DeFi platforms, demonstrating increasingly sophisticated money laundering techniques. The victim also had 2 million USD locked in DeFi, which was successfully recovered thanks to timely reporting.
Experts recommend users carefully check URLs, transaction details, avoid suspicious links, use separate wallets for risky activities, limit granting unlimited permissions, and scrutinize every signature request.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Solana ecosystem app Believe founder indicted in New York over an alleged rug pull scam
Gate News update, April 14, Solana ecosystem application Believe founder Pasternak was indicted in a New York court for allegedly participating in a crypto rug pull scam. The case involves the Solana public chain ecosystem and is suspected to be related to losses of several million dollars. Pasternak, as the person in charge of the Believe project, is accused of using the project to carry out fraudulent acts, causing significant financial losses to investors. The case is currently under review, and relevant details have not yet been fully disclosed.
GateNews2h ago
FTX’s Alameda Moves $16 Million SOL in Ongoing Creditor Repayment
Alameda Research has transferred $16 million worth of Solana tokens linked to FTX creditor repayments, following a pattern of past transactions. Despite these moves, Alameda retains a significant holding of 3.5 million SOL, potentially impacting market liquidity.
Coinpedia8h ago
Squads Emergency Alert: Address poisoning and forged multisig accounts; a whitelist mechanism will go live
Solana ecosystem multi-signature agreement Squads issued a warning, pointing out that attackers launched an address poisoning attack against users by using fake accounts to trick users into making unauthorized transfers. Squads confirmed that there was no loss of funds and emphasized that this is a social engineering attack rather than a protocol vulnerability. To respond, Squads has implemented protective measures such as a warning system, non-interactive account prompts, and a whitelist mechanism. This incident reflects the growing social engineering threats in the Solana ecosystem and has prompted ongoing security reviews.
MarketWhisper9h ago
