Wallet Drainer Attacks on Solana Allegedly Tied to Telegram Trading Bots
A series of incidents involving wallet drainer attacks on the Solana blockchain network has emerged recently, potentially linked to the usage of Telegram trading bots. However, the team associated with the most prominent bot, known as BONKbot, has refuted claims suggesting a direct correlation between the exploitation and their platform.
Several instances of Solana wallets being depleted of their SOL tokens have been reported across various social media platforms within the past few hours, with some users attributing these incidents to BONKbot. This popular application, developed by the creators of the BONK meme coin on Solana, enables users to trade Solana-based tokens via the Telegram messaging application.
Response from BONKbot Team
In response to the accusations, the BONKbot team took to Twitter to address the situation. They explicitly denied any connection between their bot and the reported exploits, asserting that affected users who had engaged with the Telegram bot had likely exposed their private keys and utilized them in other contexts. The team stated, “BONKbot is SAFE—but there are exploits being triggered elsewhere in the ecosystem!”
According to BONKbot’s analysis, a negligible percentage of users who had exported their private keys were impacted by the attacks. The team emphasized that the exploit appeared to stem from individuals importing their private keys into a specific, undisclosed application.
Insights from BONKbot Findings
Subsequent updates from the BONKbot team indicated that 302 individuals had fallen victim to the wallet drainer attacks, resulting in the loss of approximately 2,808 SOL (equivalent to around $523,000 at the current market value). Out of the total victims, 113 had previously interacted with BONKbot; however, all of them had reportedly exported their private keys for external use.
Despite the team’s assertions regarding the source of the exploit, they opted not to disclose the identity of the application implicated in the incident. Inquiries made by Decrypt to seek further clarification on the matter remain unanswered at present.
Speculation and Response from Solareum
Amidst the unfolding events, speculation on Twitter has surfaced regarding a potential association between the wallet breaches and a competing Telegram trading bot known as Solareum. The Solareum team responded to queries on the platform, acknowledging the possibility of exploitation, yet maintaining a defensive stance. They suggested that they too had become victims of the attacks, pending confirmation.
The team behind Solareum clarified that until definitive evidence of exploitation was established, any public announcements would be withheld to prevent premature dissemination of unverified information. Furthermore, they highlighted the existence of other affected wallets that had no links to their bot, reinforcing the complexity of the situation.
Decrypt reached out to Solareum for additional insights, but as of now, no response has been received from the team.
Image/Photo credit: source url