慢雾：警惕Solana钱包Owner权限篡改攻击

BlockBeats News, December 3 – The SlowMist security team has issued a security alert regarding a recent phishing attack. A user recently fell victim to a phishing scam, resulting in the transfer of their account’s Owner permissions. When the user attempted to revoke authorization, they were unable to do so. The user has already lost assets valued at over $3 million, while another $2 million worth of assets remain locked in DeFi protocols and could not be transferred (as of now, these assets, worth about $2 million, have been successfully rescued with the help of the relevant DeFi protocols). This attack differs from traditional “authorization theft” in that the core permission (Owner permission) was replaced by the attacker. As a result, the victim was unable to transfer funds, revoke authorizations, or operate DeFi assets. While the funds appeared “normal,” they were no longer under the victim’s control. The attacker used two counterintuitive scenarios to successfully trick the user into clicking: 1) During a typical transaction signature, wallets simulate the outcome of the transaction; if there is a change in funds, it will be displayed in the interface. However, the attacker’s carefully crafted transaction involved no change in funds; 2) In traditional Ethereum EOA accounts, private keys control ownership, so users may not realize that on Solana, account ownership can be modified. SlowMist reminds users to be vigilant when signing authorizations and to check whether operations such as modifying Owner or other high-risk permissions are hidden within the transaction.