ExchangeDEX+
Buy CryptoMarketsSpotFuturesGOLDEarnEvent Center
More
Commodity Zero-Fee Gala
The post Solana Wallet Hack Exposes $3M Loss Through Phishing Attack appeared on BitcoinEthereumNews.com. A recent security case has renewed concerns within the Solana ecosystem after a user lost more than $3 million in a sophisticated phishing incident. The breach exposed a little-known risk within Solana’s account structure and showed how attackers can alter wallet permissions without showing any visible change during signing.  How Attackers Exploit Solana’s Permission Framework SlowMist reported that the attacker gained control of the wallet by modifying its Owner permission through a deceptive signature request. The transaction showed no balance movement, which lowered suspicion.  Moreover, many Solana users assume their account ownership works like Ethereum’s EOAs. Hence, they do not expect ownership to change with a single signature. This misunderstanding creates room for attackers who design transactions that appear harmless while delivering high-risk operations. Additionally, experts note that Solana uses several account types, including normal accounts and PDAs. Token accounts operate under rules enforced by their token program.  These structures improve efficiency but introduce more areas for attackers to target. Significantly, the recent case involved several layers of permission manipulation, which allowed the attacker to route funds through multiple platforms and addresses. Complex Laundering Routes Show Evolving Phishing Methods Investigators at MistTrack traced the attacker’s movements and found rapid, multi-platform fund rotations. The route included cross-chain cycles, CEX deposits, and the reuse of DeFi assets.  Moreover, two major wallet hubs handled most of the transfers, showing a pattern seen in other advanced laundering schemes. The victim also had another $2 million locked in DeFi platforms. Relevant protocol teams helped recover those assets, showing the value of quick reporting. How Solana Users Can Reduce Risk Security firms emphasize caution. Users should verify URLs, confirm transaction details, and avoid interacting with unknown links. Additionally, they should maintain separate wallets for high-risk activities and store valuable assets offline. Moreover, they should avoid unlimited… The post Solana Wallet Hack Exposes $3M Loss Through Phishing Attack appeared on BitcoinEthereumNews.com. A recent security case has renewed concerns within the Solana ecosystem after a user lost more than $3 million in a sophisticated phishing incident. The breach exposed a little-known risk within Solana’s account structure and showed how attackers can alter wallet permissions without showing any visible change during signing.  How Attackers Exploit Solana’s Permission Framework SlowMist reported that the attacker gained control of the wallet by modifying its Owner permission through a deceptive signature request. The transaction showed no balance movement, which lowered suspicion.  Moreover, many Solana users assume their account ownership works like Ethereum’s EOAs. Hence, they do not expect ownership to change with a single signature. This misunderstanding creates room for attackers who design transactions that appear harmless while delivering high-risk operations. Additionally, experts note that Solana uses several account types, including normal accounts and PDAs. Token accounts operate under rules enforced by their token program.  These structures improve efficiency but introduce more areas for attackers to target. Significantly, the recent case involved several layers of permission manipulation, which allowed the attacker to route funds through multiple platforms and addresses. Complex Laundering Routes Show Evolving Phishing Methods Investigators at MistTrack traced the attacker’s movements and found rapid, multi-platform fund rotations. The route included cross-chain cycles, CEX deposits, and the reuse of DeFi assets.  Moreover, two major wallet hubs handled most of the transfers, showing a pattern seen in other advanced laundering schemes. The victim also had another $2 million locked in DeFi platforms. Relevant protocol teams helped recover those assets, showing the value of quick reporting. How Solana Users Can Reduce Risk Security firms emphasize caution. Users should verify URLs, confirm transaction details, and avoid interacting with unknown links. Additionally, they should maintain separate wallets for high-risk activities and store valuable assets offline. Moreover, they should avoid unlimited…

Solana Wallet Hack Exposes $3M Loss Through Phishing Attack

Author: BitcoinEthereumNews
Source: BitcoinEthereumNews
2025/12/05 22:29
2 min read
Ambire Wallet
WALLET$0.0085-4.17%
Moonveil
MORE$0.0005943-9.32%
ChangeX
CHANGE$0.00030702-0.10%
Wink
LIKE$0.00165--%
Notcoin
NOT$0.0003965-1.36%

A recent security case has renewed concerns within the Solana ecosystem after a user lost more than $3 million in a sophisticated phishing incident. The breach exposed a little-known risk within Solana’s account structure and showed how attackers can alter wallet permissions without showing any visible change during signing. 

How Attackers Exploit Solana’s Permission Framework

SlowMist reported that the attacker gained control of the wallet by modifying its Owner permission through a deceptive signature request. The transaction showed no balance movement, which lowered suspicion. 

Moreover, many Solana users assume their account ownership works like Ethereum’s EOAs. Hence, they do not expect ownership to change with a single signature. This misunderstanding creates room for attackers who design transactions that appear harmless while delivering high-risk operations.

Additionally, experts note that Solana uses several account types, including normal accounts and PDAs. Token accounts operate under rules enforced by their token program. 

These structures improve efficiency but introduce more areas for attackers to target. Significantly, the recent case involved several layers of permission manipulation, which allowed the attacker to route funds through multiple platforms and addresses.

Complex Laundering Routes Show Evolving Phishing Methods

Investigators at MistTrack traced the attacker’s movements and found rapid, multi-platform fund rotations. The route included cross-chain cycles, CEX deposits, and the reuse of DeFi assets. 

Moreover, two major wallet hubs handled most of the transfers, showing a pattern seen in other advanced laundering schemes. The victim also had another $2 million locked in DeFi platforms. Relevant protocol teams helped recover those assets, showing the value of quick reporting.

How Solana Users Can Reduce Risk

Security firms emphasize caution. Users should verify URLs, confirm transaction details, and avoid interacting with unknown links. Additionally, they should maintain separate wallets for high-risk activities and store valuable assets offline. Moreover, they should avoid unlimited approvals and review every permission request carefully.

Source: https://coinpaper.com/12892/solana-user-loses-3-m-as-hidden-wallet-permissions-exploited

Market Opportunity
Ambire Wallet Logo
Ambire Wallet Price(WALLET)
$0.0085
$0.0085$0.0085
0.00%
USD
Ambire Wallet (WALLET) Live Price Chart
Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact service@support.mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.
Tags:
#DeFi#CEX

You May Also Like

Italy becomes first EU country to pass comprehensive AI law

Italy becomes first EU country to pass comprehensive AI law

Italy has formally passed a sweeping new law to regulate artificial intelligence, becoming the first member of the European Union to roll out comprehensive legislation in step with the bloc’s landmark AI Act. The Italian Senate granted final approval after a year of debate, concluding what Prime Minister Giorgia Meloni’s government described as a decisive […]
Share
Cryptopolitan2025/09/18 04:00
Metaplanet Forms Bitcoin-Focused Subsidiaries in Japan and the U.S.

Metaplanet Forms Bitcoin-Focused Subsidiaries in Japan and the U.S.

The post Metaplanet Forms Bitcoin-Focused Subsidiaries in Japan and the U.S. appeared on BitcoinEthereumNews.com. Metaplanet (3350), the largest bitcoin BTC$116,183.54 treasury company in Japan, said it established two subsidiaries — one in Japan and one in the U.S. — and bought the bitcoin.jp domain name as it strengthens its commitment to the largest cryptocurrency. Bitcoin Japan Inc., will be based in Tokyo and manage a suite of bitcoin-linked media, conferences and online platforms, including the internet domain and Bitcoin Magazine Japan. The U.S. unit, Metaplanet Income Corp., will be based in Miami and focus on generating income from bitcoin-related financial products, including derivatives, the company said in a post on X. Metaplanet noted it launched a bitcoin income generation business in the last quarter of 2024 and aims to further scale these operations through the new subsidiary. Both the wholly owned subsidiaries are led in part by Metaplanet CEO Simon Gerovich. Earlier this month, the firm brought its bitcoin holdings to over 20,000 BTC. It’s currently the world’s sixth-largest bitcoin treasury company, with 20,136 BTC in its balance sheet, according to BitcoinTreasuries data. The leading firm, Strategy (MSTR), has 638,985 BTC. The subsidiaries are being established shortly after the company announced plans to raise a net 204.1 billion yen ($1.4 billion) in an international share sale to bolster its BTC holdings. Metaplanet stock dropped 1.16% on Wednesday. Source: https://www.coindesk.com/business/2025/09/17/metaplanet-sets-up-u-s-japan-subsidiaries-buys-bitcoin-jp-domain-name
Share
BitcoinEthereumNews2025/09/18 06:12
[LIVE] Crypto News Today: Latest Updates for Sept. 18, 2025 – Bitcoin Pushes Towards $118K as Fed Rate Cut Sparks Broad Crypto Rally

[LIVE] Crypto News Today: Latest Updates for Sept. 18, 2025 – Bitcoin Pushes Towards $118K as Fed Rate Cut Sparks Broad Crypto Rally

Follow up to the hour updates on what is happening in crypto today, September 18. Market movements, crypto news, and more!
Share
Coinstats2025/09/18 12:23

Trending News

More

Italy becomes first EU country to pass comprehensive AI law

Metaplanet Forms Bitcoin-Focused Subsidiaries in Japan and the U.S.

[LIVE] Crypto News Today: Latest Updates for Sept. 18, 2025 – Bitcoin Pushes Towards $118K as Fed Rate Cut Sparks Broad Crypto Rally

TheWell Bioscience Launches VitroPrime™ 3D Culture and Imaging Plate for Organoid and 3D Cell Culture Workflows

Tom Lee Linked BitMine Scoops Up $82 Million in Ethereum as Institutional Appetite Heats Up

Quick Reads

More

What Is Invesco QQQ Trust (QQQ)?

What Is State Street SPDR S&P 500 ETF Trust (SPY)?

What is Shopify Inc. (SHOP) ?

BTC Price Prediction 2026: Professional Analysis and Investment Strategies

February 5, 2026 Crypto Liquidation Crisis: Largest Mass Liquidation in 90 Days - A Deep Dive Analysis

Crypto Prices

Bitcoin Logo

Bitcoin

BTC

$69,488.80
$69,488.80$69,488.80

-0.14%

Ethereum Logo

Ethereum

ETH

$2,057.28
$2,057.28$2,057.28

-0.15%

Solana Logo

Solana

SOL

$85.37
$85.37$85.37

+0.09%

XRP Logo

XRP

XRP

$1.4467
$1.4467$1.4467

+0.04%

Tether Gold Logo

Tether Gold

GOLD(XAUT)

$5,055.4
$5,055.4$5,055.4

+0.37%