One of the challenges of the cryptocurrency sector is guaranteeing the security of digital funds held outside the usual venues. This is done using wallets dedicated to certain networks, whose management remains the responsibility of the owner. This mode of operation inevitably brings to the fore the very human nature of the main (weak) link in the chain. That link is directly targeted by attacks, the latest of which concerns Phantom wallet holders on the Solana network.
Between FUD and chronic malfunctions, the Solana network is under fire from critics as well as in the spotlight. Some would argue that this stems from the fact that it is one of the most serious competitors to Ethereum. Others say that its early overconfidence is coming back to hit it in the face, as a kind of digital karma. Either way, things have not always gone well for this blockchain since the beginning of the year.
To this chain of problems was added, during the month of August, a flaw in some of its wallets, with several thousand of them discreetly but systematically emptied at a frantic pace. And even if the flaw seemed to come from the Slope project, its counterpart Phantom also emerged as a potential culprit. Phantom is currently being hit by a targeted NFT phishing attack.
Phantom – A Fake Security Update
The ingenuity – and perversity – of hackers is sometimes surprising, because they do not hesitate to play the security card themselves to carry out their misdeeds. This is the strategy visibly in place in a targeted campaign aimed at Phantom wallet holders on the Solana network. It takes the form of a fake security update whose purpose is to introduce a Trojan horse on each targeted computer, resulting in the collection of passwords and the theft of cryptocurrencies.
“This ongoing attack started two weeks ago (…) Hackers are dropping NFTs to Solana cryptocurrency owners pretending to be alerts for a new Phantom security update. This leads to the installation of password-stealing malware and the theft of cryptocurrencies held in these wallets.”
Bleeping Computer
This information was relayed by the site Bleeping Computer, which explains in detail how the attack is set up. It all starts with the appearance of an NFT in the targeted wallets. These are named “PHANTOMUPDATE.COM” or “UPDATEPHANTOM.COM”. The airdrop is presented as a security warning from the developers of the Phantom wallet. When one of these NFTs is opened, a message indicates that a new security update is available and should be installed “as soon as possible”, because “failure to do so may result in loss of funds due to hackers exploiting the Solana network”.
To perform this update, a link redirects the victim to a malicious website. Simply visiting it automatically downloads “a Windows batch file named Phantom_Update_2022-10-08.bat”. This file requires administrator-level access during its installation. All of this serves to place malware of the MarsStealer type, the purpose of which is “probably to steal cryptocurrency wallets and passwords that would allow malicious actors to steal all crypto funds and compromise other accounts belonging to the victim,” according to the Bleeping Computer site.
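The indicators described above (an NFT named like a domain, a wallet-brand "update" claim, urgent wording, a script file offered as the download) can be combined into a simple triage check. This is an added example, not code from Phantom or Bleeping Computer; the `name` and `description` field names, the extension list, the two-indicator threshold and the sample records are assumptions constructed for illustration.

```python
import re

# Indicators modelled on the lure described in the article.
# Field names, extension list and threshold are assumptions of this example.
DOMAIN_NAME = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}$", re.I)
BRAND_UPDATE = re.compile(r"phantom.*update|update.*phantom", re.I | re.S)
URGENCY = re.compile(r"as soon as possible|loss of funds|security update", re.I)
SCRIPT_EXT = (".bat", ".cmd", ".ps1", ".vbs", ".js", ".exe", ".msi")

def lure_reasons(nft, download_name=None):
    """Return the lure indicators matched by one airdropped NFT record."""
    name = nft.get("name", "").strip()
    text = " ".join([name, nft.get("description", "")])
    reasons = []
    if DOMAIN_NAME.match(name):            # the NFT title is itself a domain
        reasons.append("name-is-domain")
    if BRAND_UPDATE.search(text):          # claims to be a wallet update
        reasons.append("brand-update-claim")
    if URGENCY.search(text):               # pressure to act immediately
        reasons.append("urgency-language")
    if download_name and download_name.lower().endswith(SCRIPT_EXT):
        reasons.append("script-download")  # "update" arrives as a script/binary
    return reasons

def is_suspicious(nft, download_name=None):
    # Require two indicators: one alone (e.g. a domain-style name) is common.
    return len(lure_reasons(nft, download_name)) >= 2

# Constructed sample records (not real chain data).
SAMPLES = [
    {"name": "PHANTOMUPDATE.COM",
     "description": "A new security update is available and should be "
                    "installed as soon as possible."},
    {"name": "Sunset #214", "description": "Generative art collection."},
    {"name": "degen.sol", "description": "Name service record."},
]

if __name__ == "__main__":
    for nft in SAMPLES:
        print(nft["name"], is_suspicious(nft), lure_reasons(nft))
```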
Phantom – How to fix this attack?
Victims of this type of attack must scan their computers with an antivirus in order to locate the malicious file. They should also transfer their cryptocurrency funds to another, new wallet. Finally, it will be necessary to “change their passwords on all the sites they use, focusing on cryptocurrency trading platforms, online wallets, bank accounts, emails or other sensitive platforms…” Good luck!