Fraudster Hunts for Solana Private Keys With Phishing Sites

Solana has been in the news for a number of reasons, one of which is that the network's internal token has been appreciating in value over time. This is one of the reasons why the coin has become attractive to scammers. We recently discovered a number of phishing sites that are actively phishing for the private keys of Solana users.

Fraudsters are aware that many users of digital currencies know little or nothing about the safety measures required to secure their coins. So they launch phishing sites to gain access to private keys, which enables them to steal users' SOL tokens.

What makes this particular fraudster remarkable is that they have secured a number of domains that target users' private keys, and have gone even further in their quest for this vital key by using Google Ads to advertise some of these sites.

You can quickly check some of these sites to take note of them and be careful to avoid using them. The phishing sites associated with this Sollet scam are:


Operational Mode

The entity behind these sites could be the same. When a visitor accesses the website, they're prompted to open a Solana wallet using the Phantom app or Solflare. This prompt appears in a dialog box; when the user closes it, they are shown the fraudster's backup phrase.

The user is instructed to back up their Solana wallet using the fraudster's own backup phrase. The site copy states:

Your private keys are only stored on your current computer or device. You will need these words to restore your wallet if your browser’s storage is cleared or your device is damaged or lost.

By default, sollet will use m/44'/501'/0'/0' as the derivation path for the main wallet. To use an alternative path, try restoring an existing wallet.

Obviously, the person would believe that they're storing a seed phrase to secure their wallet, without knowing that they are actually making it possible for the fraudster to steal their SOL tokens down the line.

This elaborate phishing scam takes advantage of the fact that new users of cryptocurrencies may not be aware of the importance of securing their private keys, or of the fact that whoever holds the private keys is in possession of the wallet.

Restore Existing Wallet Scam

You should know that, for phishing sites such as these, the owner's primary objective is to deceive users into restoring their wallets by entering their seed phrases, which the fraudster then uses to gain access to the person's Solana wallet.

On the main page of the phishing site, the user is instructed to restore an existing wallet. The next page is where they're required to input their seed phrase. This is the 12-word or 24-word seed phrase that the user already generated from their Solana wallet. Inputting these words means that the fraudster can gain access to their Solana wallet and steal all their SOL tokens.

Why Solana?

Solana has been promoted as an alternative to Ethereum. The smart contract platform has definite advantages such as low transaction fees. This makes it possible for developers of decentralized applications to gain access to a platform that delivers as well as Ethereum at a cheaper price.

Also, Solana is highly scalable, so the high fees associated with network congestion are non-existent. These features have contributed to the high adoption of the network and the consequent rise in its market capitalization. Solana is presently among the top 10 cryptocurrencies by market capitalization, having been described as a top Ethereum competitor.

Domains Checkup

To learn the background of some of these sites phishing for SOL tokens to steal, we ran a Whois check, which shows that one of the phishing domains was registered on September 3, 2021.
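The Whois check described above can be applied to many candidate domains at once. The following Python is an added example, not code from this article: it flags domains whose name imitates the "sollet" brand and ranks them by registration age. The allowlisted domain, the thresholds and the sample domain names are constructed assumptions.

```python
from datetime import date

BRAND = "sollet"                 # wallet name the phishing sites imitate (from the article)
KNOWN_GOOD = {"sollet.example"}  # assumption: placeholder for the genuine wallet domain
MAX_EDIT_DISTANCE = 1            # assumption: tolerance for typo-style lookalikes
YOUNG_DAYS = 90                  # assumption: threshold for "recently registered"

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def brand_match(domain: str):
    """Return the reason a domain resembles BRAND, or None if it does not."""
    domain = domain.lower().rstrip(".")
    if domain in KNOWN_GOOD:
        return None
    label = domain.split(".")[-2] if "." in domain else domain  # naive: one-label TLD
    if label == BRAND:
        return "brand on another TLD"
    if BRAND in label:
        return "brand embedded in label"
    if any(edit_distance(tok, BRAND) <= MAX_EDIT_DISTANCE for tok in label.split("-")):
        return "typo lookalike"
    return None

def triage(records, observed_on: date):
    """Return (domain, reason, age_days, priority) for each brand lookalike."""
    hits = []
    for domain, created in records:
        reason = brand_match(domain)
        if reason:
            age = (observed_on - created).days
            hits.append((domain, reason, age, "high" if age <= YOUNG_DAYS else "review"))
    return sorted(hits, key=lambda h: h[2])  # youngest registrations first

# Constructed records (domain, Whois creation date); only 2021-09-03 is from the article.
SAMPLE = [
    ("sollet.example", date(2020, 7, 1)),
    ("so1let-wallet.example", date(2021, 9, 3)),
    ("sollet-restore.example", date(2021, 9, 20)),
    ("sollet.test", date(2019, 1, 15)),
    ("solar-news.example", date(2021, 9, 25)),
]
```

Calling triage(SAMPLE, date(2021, 10, 1)), with a constructed observation date, returns the three lookalikes with the youngest registration first.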

Pulled Down Phishing Sites

We have noticed also that some of the sites have been pulled down. It is possible that there are people reporting them, especially after losing funds to this phishing scheme. for instance, seems to have been taken down possibly by the hosting company, after receiving scam complaints. Nevertheless, most others are still live and some are actually being used on Google Ads.

Rotating Phishing Sites On Google Ads

What we observed is that the fraudster behind this scam is actively using ads from Google to promote these sites. It is important that cryptocurrency users take note of any sites that are phishing for private keys and generally avoid them.


Author: Jofor Humani

Jofor is a crypto journalist with a passion for investigative reviews.