Unknown Hackers Airdropping NFTs to Solana Users, Posing as a New Phantom Wallet Security Update
Reports said that for the last two weeks, unknown hackers have been airdropping nonfungible tokens (NFTs) to Solana cryptocurrency users, posing as a new Phantom wallet security update.
It has been reported that instead of an update, the download is malware designed to steal their crypto. The hackers claim to be from the Phantom team and use NFTs titled PHANTOMUPDATE.COM or UPDATEPHANTOM.COM.
After opening the NFT, users are told that a new security update has been issued for the Phantom wallet and that it can be downloaded by using the enclosed link or the listed website. To add urgency, the message claims that failing to download the fake security update “may result in a loss of funds due to hackers exploiting the Solana network.”
The report said that the urgency piece is likely related to the Solana-based wallet hack, which saw around $8 million stolen from 8,000 wallets in August, including those of Phantom wallet users. The security exploit was later linked to vulnerabilities within the Solana-based Web3 wallet service Slope.
Users who may have inadvertently fallen prey to this scam are advised to take security precautions such as scanning their computer with antivirus software, securing crypto assets, and changing passwords on sensitive platforms such as bank accounts and crypto trading platforms.
In the past, similar malware-spreading campaigns have employed malware named Mars Stealer to steal crypto from unsuspecting users. An upgrade of the information-stealing Oski trojan of 2019, Mars Stealer targets more than 40 browser-based crypto wallets, along with popular two-factor authentication (2FA) extensions, with a grabber function that steals users’ private keys.