
BlockBeats News, December 3rd: the SlowMist Security Team has published a security advisory case. A user recently fell victim to a phishing attack in which the account’s Owner permission was transferred to the attacker. The user attempted to revoke the authorization but was unable to do so. Over $3 million worth of assets were stolen, and a further $2 million worth of assets deposited in a DeFi protocol could not be transferred out (this $2 million has since been successfully rescued with the assistance of the relevant DeFi platform). This was not a traditional “authorization theft”: the attacker replaced the account’s core permission (the Owner permission), leaving the victim unable to send transactions, revoke authorizations, or operate the DeFi assets. The funds “appear normal” but are no longer under the user’s control.
The attacker exploited two counterintuitive circumstances to get the user to click:
1. Normally, when a transaction is presented for signing, the wallet simulates its execution and displays any resulting change in funds on the interface. The attacker’s carefully crafted transaction produced no change in funds.
2. On Ethereum, control of a traditional EOA is tied to its private key; users may not be aware that Solana allows an account’s ownership to be modified.
SlowMist reminds users to be cautious when authorizing signatures and to check that a transaction contains no hidden operations that modify high-risk permissions such as the Owner.
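As an added example (not code from the BlockBeats report or from SlowMist), the following plain-JavaScript check illustrates what a wallet can do beyond balance-change simulation: scan the decoded instructions of a Solana transaction for a System Program owner reassignment before signing. It assumes the owner change is performed through the System Program’s Assign or AssignWithSeed instruction; the wallet pubkeys and the 0xAA program id in the sample are constructed placeholders.

```javascript
// Added example (not from the BlockBeats/SlowMist report): a wallet-side pre-signing
// check that flags Solana System Program instructions reassigning an account's owner,
// regardless of whether transaction simulation shows any balance change. Assumption:
// the owner change uses Assign or AssignWithSeed; instructions arrive already decoded.
const SYSTEM_PROGRAM_ID = "11111111111111111111111111111111";
// SystemInstruction enum indices, serialized as a u32 little-endian at data[0..4].
const SYS_ASSIGN = 1;
const SYS_ASSIGN_WITH_SEED = 10;

function readU32LE(b) {
  return (b[0] | (b[1] << 8) | (b[2] << 16) | (b[3] << 24)) >>> 0;
}

function toHex(bytes) {
  return Array.from(bytes, (x) => x.toString(16).padStart(2, "0")).join("");
}

// Returns one warning per instruction that hands ownership of an account the wallet
// controls to a new owner program. An empty array means no owner reassignment found.
function findOwnerReassignments(instructions, walletKeys) {
  const mine = new Set(walletKeys);
  const warnings = [];
  for (const ix of instructions) {
    if (ix.programId !== SYSTEM_PROGRAM_ID || ix.data.length < 36) continue;
    const kind = readU32LE(ix.data);
    if (kind !== SYS_ASSIGN && kind !== SYS_ASSIGN_WITH_SEED) continue;
    // Assign: keys[0] is the account being reassigned and is the signer.
    // AssignWithSeed: keys[0] is the derived account, keys[1] is the base signer.
    const target = ix.keys[0].pubkey;
    const signer = kind === SYS_ASSIGN ? target : ix.keys[1]?.pubkey;
    if (!mine.has(signer)) continue;
    // In both layouts the new owner pubkey is the trailing 32 bytes of the data.
    const newOwner = toHex(ix.data.slice(ix.data.length - 32));
    warnings.push(`owner of ${target} changes to program ${newOwner} (no balance change required)`);
  }
  return warnings;
}

// Constructed sample: the user's account is assigned to a placeholder program
// (32 bytes of 0xAA); no lamports move, so simulation alone would show nothing.
const WALLET = "UserWalletPubkeyPlaceholder";
const assignData = new Uint8Array(36);
assignData[0] = SYS_ASSIGN;   // u32 LE index 1
assignData.fill(0xaa, 4);     // new owner: placeholder program id
const phishingTx = [{ programId: SYSTEM_PROGRAM_ID, keys: [{ pubkey: WALLET, isSigner: true, isWritable: true }], data: assignData }];
const transferData = new Uint8Array(12); transferData[0] = 2; // Transfer of 0 lamports
const benignTx = [{ programId: SYSTEM_PROGRAM_ID, keys: [{ pubkey: WALLET, isSigner: true, isWritable: true }, { pubkey: "RecipientPlaceholder", isSigner: false, isWritable: true }], data: transferData }];
console.log(findOwnerReassignments(phishingTx, [WALLET])); // one warning
console.log(findOwnerReassignments(benignTx, [WALLET]));   // []
```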



