Advanced phishing attack detected on Solana wallets: Owner permissions stolen, $3 million instantly compromised

[Chain Story] I recently came across a case that was truly alarming.

A user noticed something was off with their Solana wallet—the authorization records looked suspicious, and they couldn’t revoke them no matter what. What’s even scarier is that after checking the on-chain data, they found that the Owner authority of the account had already been transferred to an unfamiliar address starting with “GKJBEL”.

The result? Over $3 million worth of assets were directly drained. There were also about $2 million locked in DeFi protocols, completely inaccessible. Fortunately, related platforms stepped in to help, and that portion of the funds was recovered.

The victim tried transferring tokens themselves to test permissions, but every operation failed. This method is almost identical to the “malicious multisig” attacks commonly seen in the TRON ecosystem.

The key point is: this isn’t your typical “authorization theft.” The attacker directly replaced the core authority—the Owner permission. That means you can see the assets in your wallet but can’t do anything with them. Want to transfer funds? Nope. Want to revoke authorizations? Impossible. Want to move tokens in DeFi? No way.

Your funds are just locked up, and all you can do is watch helplessly.
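The on-chain check described above, as an added example that is not part of the original post: it audits the owner fields in Solana JSON-RPC `getAccountInfo` (`jsonParsed`) results. The post does not say which owner field was changed, so checking both the account-level program owner and the token-account owner is an assumption, and all account names and addresses in the sample are constructed placeholders.

```python
SYSTEM_PROGRAM = "11111111111111111111111111111111"
TOKEN_PROGRAMS = {
    "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA",  # SPL Token
    "TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb",  # Token-2022
}

def audit_account(pubkey, value, wallet):
    """Findings for one `result.value` object from getAccountInfo (jsonParsed)."""
    if value is None:
        return [(pubkey, "account-missing", None)]
    program = value["owner"]  # the program that owns the account, not the key holder
    if pubkey == wallet:
        # A plain wallet account is owned by the System Program.
        if program == SYSTEM_PROGRAM:
            return []
        return [(pubkey, "wallet-reassigned", program)]
    if program not in TOKEN_PROGRAMS:
        return [(pubkey, "not-a-token-account", program)]
    info = value["data"]["parsed"]["info"]
    findings = []
    if info["owner"] != wallet:      # token-level owner: who may move the tokens
        findings.append((pubkey, "token-owner-changed", info["owner"]))
    if info.get("delegate"):         # an approval that is still active
        findings.append((pubkey, "delegate-set", info["delegate"]))
    return findings

def audit_wallet(wallet, accounts):
    """accounts: {pubkey: getAccountInfo value} for the wallet and its known token accounts."""
    findings = []
    for pubkey, value in accounts.items():
        findings.extend(audit_account(pubkey, value, wallet))
    return findings

# Constructed sample data (placeholders, not real addresses).
WALLET = "WALLET_PUBKEY_PLACEHOLDER"
UNFAMILIAR = "UNFAMILIAR_ADDRESS_PLACEHOLDER"
TOKEN = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA"

def _token(owner, delegate=None):
    info = {"mint": "MINT_PLACEHOLDER", "owner": owner}
    if delegate:
        info["delegate"] = delegate
    return {"owner": TOKEN, "data": {"program": "spl-token",
                                     "parsed": {"type": "account", "info": info}}}

SAMPLE = {
    WALLET: {"owner": SYSTEM_PROGRAM, "data": ["", "base64"]},
    "TOKEN_ACCOUNT_A": _token(WALLET),
    "TOKEN_ACCOUNT_B": _token(UNFAMILIAR),
    "TOKEN_ACCOUNT_C": _token(WALLET, delegate=UNFAMILIAR),
}
```

Token accounts have to be looked up by their own addresses recorded beforehand, because an account whose token-level owner has changed no longer appears in an owner-based lookup for the wallet.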

SmartContractPlumber · 12-05 18:38
The method of replacing the Owner permission has indeed been seen on multiple chains. In the early days, quite a few people on TRON suffered losses because of this, and now it's starting to happen on Solana as well. The key issue is the flawed design of permission control.
LiquidationHunter · 12-04 02:35
That's why I never keep my private key in my head—you've got to stay vigilant at all times. --- $3 million gone just like that. Luckily, someone came to the rescue; otherwise, I'd really be eating dirt. --- The owner permissions got switched? That's like giving your house keys to someone else—you can see your house but can't get in. --- How does Solana's ecosystem keep coming up with new tricks? It's impossible to guard against everything. --- Multisig attacks have come to Solana now. Feels like no ecosystem is truly safe. --- Seeing cases like this gives me chills—who knows when it'll happen to me. --- This guy was lucky to recover $3 million. Most people probably just lose it for good. --- Anyway, all my assets are collecting dust in a cold wallet now. Seems like that's really the right move.
rekt_but_resilient · 12-03 11:54
Damn, even Owner permissions can be stolen? That’s even more outrageous than getting drained by approvals, you’re basically just a bystander now.
SerumSquirrel · 12-03 11:53
Once the owner permissions are switched, it's game over right away. That's what's truly terrifying... --- Three million just gone like that, and it was the owner that got replaced... This one's really vicious. --- Wait a minute, isn't this just a copycat of TRON's malicious multi-signature scheme? How is this becoming popular on Solana now too? --- You can see the money but can't move it. That feeling must be absolute despair... --- The platform saving $2 million is at least somewhat responsible, but losing $3 million just like that is absurd. --- The key issue is that you can't revoke the authorization. Who can handle that? --- Having owner permissions stolen is scarier than having assets stolen. It's complete loss of control. --- This technique is definitely advanced. It's not just a simple authorization vulnerability—it's the core permissions being swapped out. --- You can't even find anything wrong from the on-chain data. The phishing tactics are getting more and more sophisticated.
MechanicalMartel · 12-03 11:52
3 million USD just gone like that. The owner privileges are really ruthless—there's just no way to guard against it.
POAPlectionist · 12-03 11:48
Owner permissions are gone? That’s outrageous. You can see your assets but can't do anything with them. It's even worse than being frozen.
GasFeeNightmare · 12-03 11:38
$3 million gone in an instant? Seriously... this owner privilege being stolen is just insane. --- Another on-chain phishing attack. I just want to know how this guy got caught? --- The Solana fishing pond really is a bit too deep. --- Wait, authorizations that can't even be revoked? How ruthless is that? --- That malicious multi-sig scheme from TRON is now being copied to SOL? I'm speechless. --- Seeing the $3 million number makes me a bit anxious. --- You can see the money but can't touch it, that's even worse than being frozen. --- What happened to that guy afterwards, did they really recover the $2 million? --- That's why you really need to pay attention to wallet security. --- Even owner privileges can be swapped? How do these on-chain exploits even happen?