SlowMist: Beware of Solana Wallet Owner Authority Tampering Attack

By: theblockbeats.news|2025/12/03 11:45:54

Share

copy

BlockBeats News, December 3rd. SlowMist Security Team released a security advisory regarding a recent phishing attack incident. A user fell victim to a phishing attack, resulting in the transfer of the account's Owner permission. The user attempted to revoke the authorization but was unable to do so. The user's assets worth over $3 million were stolen, with an additional $2 million worth of assets stored in a DeFi protocol that could not be transferred (currently, this part of the assets worth around $2 million has been successfully rescued with the assistance of the related DeFi protocol). This attack was not the traditional "authorization theft" but rather a replacement of the core permission (Owner permission) by the attacker, rendering the victim unable to transfer funds, revoke authorization, or operate DeFi assets despite the funds "appearing normal" but being beyond their control.

The attacker exploited two counterintuitive scenarios to successfully deceive the user into clicking:

1. Usually, when signing a transaction, the wallet would simulate the execution result of the transaction. If there were any fund changes, it would be displayed on the user interface. However, the attacker's carefully crafted transaction showed no fund changes;

2. In the traditional Ethereum EOA account, the ownership is controlled by the private key. Users subjectively were unaware that Solana has a feature that can modify account ownership.

SlowMist reminds users to be vigilant when authorizing signatures and to confirm whether there are hidden operations such as modifying high-risk permissions like Owner in them.

You may also like

Ethereum’s ‘Hegota’ Upgrade Expected by Late 2026 as Developers Accelerate Roadmap

Ethereum’s ‘Hegota’ Upgrade Expected by Late 2026 as Developers Accelerate Roadmap

Key Takeaways Ethereum’s next major upgrade, named “Hegota,” is planned for release in the latter part of 2026,…

State of Crypto: Year in Review

State of Crypto: Year in Review

Key Takeaways: 2025 marked a significant year for crypto policy in the U.S., with historic legislation and regulatory…

BTC, ETH, SOL, XRP, and DOGE Trade Higher Amid Precious Metals Rally

BTC, ETH, SOL, XRP, and DOGE Trade Higher Amid Precious Metals Rally

Key Takeaways Bitcoin remained in a tight range between $86,500 and $90,000, showing slight price fluctuations amidst low…

Coinbase CEO Declares Opposition to Reopening the GENIUS Act: A Clash with Bank Lobbying

Coinbase CEO Declares Opposition to Reopening the GENIUS Act: A Clash with Bank Lobbying

Key Takeaways: Coinbase CEO Brian Armstrong criticizes banks for lobbying to reopen the GENIUS Act, seeing it as…

Fed’s ‘Skinny’ Accounts Aim to End Operation Chokepoint 2.0 — Insights from Senator Lummis

Fed’s ‘Skinny’ Accounts Aim to End Operation Chokepoint 2.0 — Insights from Senator Lummis

Key Takeaways: The Federal Reserve’s proposal to offer “skinny” master accounts to crypto companies is seen as a…

2026: Ethereum’s Exponential Scaling with ZK Technology

2026: Ethereum’s Exponential Scaling with ZK Technology

Key Takeaways Ethereum’s transition to zero-knowledge (ZK) proofs is set to dramatically improve transaction speed and scalability, aiming…

Trust Wallet Users Experience $7 Million Loss Due to Hacked Chrome Extension

Trust Wallet Users Experience $7 Million Loss Due to Hacked Chrome Extension

Key Takeaways Trust Wallet faced a significant security breach affecting its Chrome extension, resulting in over $7 million…

Bitcoin Price Dips as Precious Metals Hit Record Highs Amid Rising Geopolitical Tensions

Bitcoin Price Dips as Precious Metals Hit Record Highs Amid Rising Geopolitical Tensions

Key Takeaways Major Slide in Crypto Sector: Cryptocurrencies and crypto-related stocks experienced a notable decline with Bitcoin falling…

Uniswap’s Token Burn and Protocol Fee Initiative Gains Overwhelming Support

Uniswap’s Token Burn and Protocol Fee Initiative Gains Overwhelming Support

Key Takeaways Uniswap’s transformative proposal, known as “UNIfication,” aims to burn UNI tokens and activate protocol fees, establishing…

Ubisoft halts Rainbow Six Siege after hackers give each player $13.3M credits

Ubisoft halts Rainbow Six Siege after hackers give each player $13.3M credits

Key Takeaways A massive security breach in Rainbow Six Siege granted each player $13.3 million worth of in-game…

Ethereum in 2026: Glamsterdam and Hegota Forks, L1 Scaling and More

Ethereum in 2026: Glamsterdam and Hegota Forks, L1 Scaling and More

Key Takeaways The Ethereum network will experience two major forks in 2026: Glamsterdam and Heze-Bogota, aimed at scaling…

Deep Dive into Aave’s Governance Dilemma and Broader Implications

Deep Dive into Aave’s Governance Dilemma and Broader Implications

Key Takeaways Aave faces an intense community debate regarding control over its brand and assets, highlighting a key…

Most Crypto Treasuries Set to Disappear Amid Grim 2026 Outlook

Most Crypto Treasuries Set to Disappear Amid Grim 2026 Outlook

Key Takeaways The future for digital asset treasury (DAT) companies looks bleak heading into 2026, with many expected…

Circle Platform Promising Tokenized Gold, Silver Swaps Is a ‘Fake,’ Company Says

Circle Platform Promising Tokenized Gold, Silver Swaps Is a ‘Fake,’ Company Says

Key Takeaways: A fraudulent press release claimed that Circle had introduced a platform called CircleMetals for trading tokenized…

Mirae Asset’s Potential Acquisition of Korbit: A $100 Million Venture into Korea’s Crypto Market

Mirae Asset’s Potential Acquisition of Korbit: A $100 Million Venture into Korea’s Crypto Market

Key Takeaways Mirae Asset Group is exploring the acquisition of the South Korean cryptocurrency exchange Korbit, in a…

Uniswap Executes 100M UNI Burn After Fee Switch Approval

Uniswap Executes 100M UNI Burn After Fee Switch Approval

Key Takeaways Uniswap executed a significant token burn of 100 million UNI worth approximately $596 million following governance…

Trump, Tariffs, and Utility Tokens: Animoca’s Yat Siu Says Crypto Finally Has to Mature

Trump, Tariffs, and Utility Tokens: Animoca’s Yat Siu Says Crypto Finally Has to Mature

Key Takeaways The crypto industry has faced numerous challenges in 2025, from Trump-era tariffs to real-world rate pressures,…

Who is creating these ugly Memes?

Who is creating these ugly Memes?

Algorithms are feeding hate, memes are working for scams

Ethereum’s ‘Hegota’ Upgrade Expected by Late 2026 as Developers Accelerate Roadmap

Key Takeaways Ethereum’s next major upgrade, named “Hegota,” is planned for release in the latter part of 2026,…

State of Crypto: Year in Review

Key Takeaways: 2025 marked a significant year for crypto policy in the U.S., with historic legislation and regulatory…

BTC, ETH, SOL, XRP, and DOGE Trade Higher Amid Precious Metals Rally

Key Takeaways Bitcoin remained in a tight range between $86,500 and $90,000, showing slight price fluctuations amidst low…

Coinbase CEO Declares Opposition to Reopening the GENIUS Act: A Clash with Bank Lobbying

Key Takeaways: Coinbase CEO Brian Armstrong criticizes banks for lobbying to reopen the GENIUS Act, seeing it as…

Fed’s ‘Skinny’ Accounts Aim to End Operation Chokepoint 2.0 — Insights from Senator Lummis

Key Takeaways: The Federal Reserve’s proposal to offer “skinny” master accounts to crypto companies is seen as a…

2026: Ethereum’s Exponential Scaling with ZK Technology

Key Takeaways Ethereum’s transition to zero-knowledge (ZK) proofs is set to dramatically improve transaction speed and scalability, aiming…

Popular coins

Latest Crypto News

06:16

Insight: Beware of the "Good News is Priced In" Effect With the New Fed Chair – Uncertainties Will Peak Between July and November

BlockBeats News, December 29th. Nomura Securities issued a warning, predicting that after the new Fed chair takes office in May next year, he will lead a rate cut in June. However, with the recovery of the U.S. economy, strong internal opposition within the Fed to further rate cuts may weaken not on...

06:16

Flow: Validator consensus has been achieved, and the network is entering the remediation and testing phase

BlockBeats News, December 29th: Flow's official statement on the attack has been released. Validator consensus has been reached, accepting the proposed software upgrade solution. The network is currently entering the recovery and testing phase.The Flow network has come back online and started produc...

06:16

Solana-based Meme Coin WhiteWhale Surges Briefly to $60 Million Market Cap, Up 65.6% in 24 Hours

BlockBeats News, December 29, according to GMGN market data, Solana-based Meme coin WhiteWhale's market cap briefly exceeded $60 million, reaching a historical high, with a 24-hour trading volume of $4.9 million and a 24-hour price surge of 65.6%.BlockBeats reminds users that Meme coins are highly v...

06:16

Brevis Announces Launch of Airdrop Registration and Eligibility Verification Portal

BlockBeats News, December 29, Brevis, a ZK-Proof Smart Verifiable Computation platform, announced that the airdrop registration and eligibility verification portal is now live. Users need to verify their eligibility before they can apply. The application channel will be open from December 29 to Janu...

05:46

A Whale Flips Long to Short, Opening a Short Position of Over $91 Million in Major Coins

BlockBeats News, December 29, according to Hyperinsight monitoring, a whale closed its long positions for BTC, SOL, and ZEC today, then began opening short positions. Current positions are as follows:Short $47.8 million worth of BTC at 20x leverage, average entry price $88,959.5, with a floating los...

Customer Support：@weikecs

Business Cooperation：@weikecs

Quant Trading & MM：[email protected]

VIP Services：[email protected]

App