- Buy Crypto
- Markets
Futures- Spot
- Copy Trade
- Earn
- More
SlowMist: Beware of Solana Wallet Owner Authority Tampering Attack
BlockBeats News, December 3rd. SlowMist Security Team released a security advisory regarding a recent phishing attack incident. A user fell victim to a phishing attack, resulting in the transfer of the account's Owner permission. The user attempted to revoke the authorization but was unable to do so. The user's assets worth over $3 million were stolen, with an additional $2 million worth of assets stored in a DeFi protocol that could not be transferred (currently, this part of the assets worth around $2 million has been successfully rescued with the assistance of the related DeFi protocol). This attack was not the traditional "authorization theft" but rather a replacement of the core permission (Owner permission) by the attacker, rendering the victim unable to transfer funds, revoke authorization, or operate DeFi assets despite the funds "appearing normal" but being beyond their control.
The attacker exploited two counterintuitive scenarios to successfully deceive the user into clicking:
1. Usually, when signing a transaction, the wallet would simulate the execution result of the transaction. If there were any fund changes, it would be displayed on the user interface. However, the attacker's carefully crafted transaction showed no fund changes;
2. In the traditional Ethereum EOA account, the ownership is controlled by the private key. Users subjectively were unaware that Solana has a feature that can modify account ownership.
SlowMist reminds users to be vigilant when authorizing signatures and to confirm whether there are hidden operations such as modifying high-risk permissions like Owner in them.
You may also like
Particle Founder: The entrepreneurial insights I have gained the most from in the past year
Huang Renxun's latest podcast transcript: The future of Nvidia, the development of embodied intelligence and agents, the explosion of inference demand, and the public relations crisis of artificial intelligence
OKX Ventures Research Report: AI Agent Economic Infrastructure Research Report (Part 1)
The migration of settlement rights: B18 and the institutional starting point of on-chain banks
From Tencent and Circle: Looking at the Simple and Difficult Questions of Investment
The second half of stablecoins no longer belongs to the crypto circle
Cursor "Shell" Kimi Controversy Reversed: From Copyright Infringement Allegations to Authorized Collaboration, China's Open Source Model Once Again Becomes a Global AI Foundation
The Real Reason Tokens Don't Sell: 90% of Crypto Projects Overlook Investor Relations
Is the income of pump.fun real, earning a million dollars a day despite the market downturn?
The real reason why tokens are not selling: 90% of crypto projects neglect investor relations
Who is the true winner of the "Tokenization" narrative?
Moss: The Era of AI-Traded by Anyone | Project Introduction
Chip Smuggling Case Exposes Regulatory Loophole | Rewire News Evening Update
How a Structured AI Crypto Trading Bot Won at the WEEX Hackathon
Ritmex demonstrates how disciplined risk control and structured signals can make an AI crypto trading bot more stable and reliable on WEEX, highlighting the importance of combining execution discipline with scalable AI trading systems.
Old Indicator Fails, Three Major New Signals Emerge: BTC True Bottom May Still Be Below $60K
Meeting OpenClaw Founder at a Hackathon: What Else Can Lobsters Do?
Huang Renxun's Latest Podcast Transcript: NVIDIA's Future, Embodied Intelligence and Agent Development, Soaring Demand for Inferencing, and AI's PR Crisis
How a Structured AI Crypto Trading Bot Won at the WEEX Hackathon
Crypto_Trade shows how structured inputs and controlled adaptability can build a more stable and reliable AI crypto trading bot within the WEEX AI Trading Hackathon, highlighting a practical path toward scalable AI trading systems.
App