Phishing Heist on Solana Nets $3M in PYTH Tokens

• $2.9M in $PYTH stolen via zero-transfer phishing on Solana.
• Scammers swapped stolen $PYTH for $SOL, consolidating stolen funds.

A recent phishing attack on the Solana blockchain has led to the theft of 7 million PYTH tokens, valued at approximately $2.9 million. PeckShield, a blockchain security firm, identified the incident as a “zero-transfer poisoning attack.” The stolen tokens were swapped for 11,000 SOL before being consolidated into another wallet.

In this type of attack, scammers exploit user trust by initiating zero-value transactions to create deceptive activity logs. These tactics mislead users into authorising malicious transactions, resulting in asset loss. This method has become increasingly sophisticated on Solana, where phishing attacks often bypass traditional transaction simulations to avoid detection.

Moreover, the compromised PYTH tokens were swapped into SOL, consolidating the stolen funds into a wallet beginning with 3eFh8N and ending in ZNyt. Solana is currently trading at 254.71, reflecting a slight 0.11% decline in value over the past day. Meanwhile, PYTH tokens have gained 6% in value, trading at $0.4589 during the same period.

Scams On Solana

The attack highlights the rising risks of phishing scams on Solana, which has been a frequent target of such exploits. According to Scam Sniffer, over $4 million in digital assets were stolen in recent months through phishing methods on Solana. These incidents often involve malicious smart contracts, fake transaction simulations, and disguised approval requests, preying on unsuspecting users.

Cybersecurity experts stress the importance of vigilance in interacting with blockchain ecosystems. They recommend users double-check transaction details, avoid interacting with unknown links or airdrops, and utilise enhanced transaction simulation tools to identify potential threats.

As blockchain networks like Solana continue to evolve, security remains a critical concern. This attack serves as a reminder of the vulnerabilities in decentralised ecosystems and the need for proactive measures to safeguard digital assets. To avoid falling victim to similar scams, users should stay cautious and adopt robust security practices.