There is an Active Drain Attack on Solana Right Now
There is currently widespread news of a large number of Solana wallets being drained due to unauthorized access.
The alleged attack targets any wallet that may have been connected to a dApp, and according to CompendiumFi, it is recommended to disconnect your wallet from any dApp at this time (time of writing: 29/03/2024 13:18pm GMT).
Although the source of the attack is still to be identified, the current narrative points to BONKbot, a Telegram bot capable of executing trades on the Solana network, as the catalyst of the exploit. Developers associated with the project have denied any accusations, while admitting that the “exploits” have indeed surfaced within the broader ecosystem.
Although BONKbot denies that the breach originated with them, they mentioned something very interesting in their tweet (hopefully you can read the whole tweet above; Medium sometimes crops things).
BONK stated that the exploited wallets they noticed belong to users who had previously exported their private keys. Another user in the thread made a very good remark, stating that BONK may at some point have stored this export in plain text, giving an attacker easy access to a whole list of private keys.
The issue with this kind of widespread attack is that it is very difficult to find a root cause for it. A similar incident, which took place in August 2022, saw over 8000 Solana wallets drained, with over $8 million stolen from these wallets.