On the wallet drain string attack Solana It may eventually be tied to Telegram trading bots, although the team behind the popular boncobot denies that the exploit is linked to the application.
Several reports of Solana bags being emptied from their SOL home have surfaced on Twitter over the past several hours, with some users pointing the finger at BONKbot, the popular app behind the group. Solana mm coin BONK It enables the buying and selling of Solana-based tokens through the Telegram messaging app.
Early Friday, BONKbot He denied the claimsAny victim who has used the Telegram bot in the past suggests that users are more likely to export their private keys and use them in other applications.
“BONKbot is secure – but there are exploits brewing elsewhere in the ecosystem!” The team wrote on Twitter. “Our logs show that every user account being leaked has already exported their private keys. Non-BONKbot wallets are also being leaked. BONKbot users who haven't exported their keys are safe.”
The group on Friday afternoon He shared an update. It says it has tracked 302 total wallet victims so far, swiping about 2,808 SOL — or about $523,000 at current prices. BONKbot said that 113 of these victims had previously used the bot, but all had sent their private keys (PKs) elsewhere.
“Our analysis strongly suggests that the exploit occurred from victims entering PKs into a specific application,” BONKbot tweeted. The group, however, did not disclose the alleged application in question. Decrypt He decided to get an explanation but didn't get an immediate response.
According to an analysis from BONKbot, the largest single victim lost just over 500 SOL, or about $93,000, in the attack.
There is widespread speculation on Twitter that rival Telegram trading bot Solarium may be out of private keys. The group answered on Twitter Twitter user acknowledged “over there [may be] An opportunity we took,” however, the Solarem team went on the defensive. Of course there were victims.
“Until we confirm that we are actually using it, we will announce it publicly. Otherwise, this is a possible scenario,” they wrote. “There are other used wallets that don't create wallets through our bot or submit their picks to our site.”
Decrypt Solareum was contacted for comment but did not immediately receive a response.
Edited by Ryan Ozawa.
Stay on top of crypto news, get daily updates in your inbox.
