According to Decrypt, two wallet drainers, Rainbow Drainer and Node Drainer, have stolen a combined $4.17 million worth of crypto assets from 3,967 Solana wallets since late November. The majority of these thefts have occurred since mid-December. Malicious actors appear to have stolen the majority of these funds by targeting specific Solana token communities with NFT airdrops, then attaching phishing website links to those NFTs. Legitimate airdrops are on the rise lately, but so are social media scams presented as real giveaways.
Users of Rainbow Drainer targeted holders of ZERO, the native token of Solana meta protocol Analysoor, by airdropping them NFTs that claimed to offer vouchers for 1,000 free ZERO tokens. Curious recipients clicked the external link affiliated with the NFT and signed a transaction linking their wallets to the site, resulting in their wallets being drained of all digital assets. Such attacks using Rainbow Drainer have netted thieves $2.15 million in the last few weeks. Assets stolen in these exploits include BONK, ZERO, USDT, and USDC, among other tokens.
Using Node Drainer, hackers placed similar phishing links in Discord groups and compromised Twitter accounts to post them, including the account of cybersecurity firm and Google subsidiary Mandiant. These exploits netted Node Drainer deployers $2.025 million, primarily in the form of ANALOS and BONK. On-chain evidence suggests that at least a substantial portion of these attacks stemmed from a single individual or small group: one wallet address associated with the drains used AllBridge to move over $1 million worth of stolen assets cross-chain to Ethereum, where the funds were swapped for ETH and transferred onward.