The team behind Solareum, a Telegram trading app for buying and selling SolanaThe popular messaging platform’s token-based platform announced that it would be shutting down after some of the attacks were linked to it. $523,000 worth of SOL was depleted. From the user’s wallet last week.
The wallet-draining exploit, which is believed to have affected more than 300 Solana users, occurred late last week. Initially, some users believed that BONKbot, a popular Telegram trading robot, was responsible for the leak of users’ private keys.
However, the BONK meme coin team denied that there was a security issue with the Telegram bot and said that there were BONKbot users affected by this exploit. You previously exported your private key. To use in other apps
solarium next said in a tweet response “It (could be) possible that we could be exploited,” he said on Friday.
“It is with deep regret that we announce the end of the Solarium project,” the team later wrote on Telegram on Saturday. “Unfortunately, a combination of funding constraints, changing market trends, and recent system security breaches have forced us to make difficult decisions.”
“Over the past few months, we have made a concerted effort to secure additional funding, adapt to market changes and strengthen our security measures,” he added. “Despite these efforts, recent security breaches have compromised the integrity of our systems, and due to lack of funding, we can no longer ensure the safety of our users.”
The Solarium team said it would contact authorities to freeze stolen cryptocurrency assets if they were sent to a centralized exchange. However, the team said nothing about offering any other compensation to affected users. decryption We have contacted Solareum several times for comment, but have not yet received a response.
The project’s Telegram channel is filled with users demanding answers about the abuses and even threatening legal action if Solareum does not announce a compensation plan.
<0.1% of BONKbot users who exported PK were affected. Our analysis strongly suggests that the attack occurred in which the victim imported PK into a specific application.
Data so far:
– Total victims: 302
– BONKbot victims: 113
– Key exported from BONKbot: 113
– Total SOL…— BONKbot (@bonkbot_io) March 29, 2024
BONKbot is arguably the largest Telegram trading bot on Solana, with over 270,000 users and was initially a prime suspect for many in the community. The BONKbot team quickly shared data about apparent victims of the exploit, who had their connections rejected and their wallets drained.
The team explained on Twitter that the exploit appears to be linked to “specific applications” that some users exported their private keys to, but did not specify which app was at the heart of the problem. On Monday, BONKbot confirmed: decryption The data actually pointed to Solareum.
“We have been working with the security community to triangulate the exploit, and while victims interact with a variety of apps and wallets, the absolute correlation so far has been for victims to import their (private keys) into Solareum.” said BONKbot. Tim said.
“Our analysis overwhelmingly pointed this out prior to Solareum’s announcement, but without access to their codebase or logs, our analysis will always remain probabilistic rather than deterministic,” they added. “Furthermore, it is not yet clear whether it is an external or internal leak. Therefore, we avoided pointing fingers in public. That’s not what we do.”
Edited by Ryan Ozawa.
