$523,000 withdrawn from Solana user wallets; BONKbot denies links

A series of wallet draining attacks in Solarium It is possible that this vulnerability is linked to Telegram's trading bots, although the team behind the most prominent one – BONKbot – denies that the exploit is related to its app.

Yesterday, several complaints surfaced on Twitter about Solana's wallet being empty. Some users pointed the finger at BONKbot, a popular app developed by the team behind the Solana meme BONK, which facilitates the buying and selling of Solana-based tokens via the Telegram messaging app.

On Friday morning, BONKbot He denied these allegationsWhich suggests that any affected users who previously used the Telegram bot have likely exported their private keys and used them in other applications.

“BONKbot is safe! But there are exploits running in other parts of the ecosystem!” the team wrote on Twitter. “Our logs show that each user account being drained has previously exported their private keys. There are also non-BONKbot wallets being drained. BONKbot users who have not exported their keys are safe.”

Friday afternoon team An update has been shared Saying it has so far tracked down a total of 302 wallet-draining victims, with about 2,808 soles stolen, or roughly $523,000 at current prices. BONKbot claims that 113 of these victims had previously used its bot, but they had all exported their private keys (PKs) for use elsewhere.

“Our analysis strongly suggests that the exploit occurred when these victims imported PK files into a specific application,” BONKbot said on Twitter. However, the team did not reveal the alleged app in question. Decryption She reached out for clarification but did not receive an immediate response.

according to analysis From BONKbot, the largest victim lost just over 500 soles in the attack, or about $93,000.

There is widespread speculation on Twitter that Telegram's rival trading bot, Solareum, could be linked to a possible private key leak. In a tweet on Twitter, the team responded Identify a Twitter user Who said “there could be a possibility we were being exploited,” but the Solareum team also took a defensive stance and said Who were actually victims.

“Until we can confirm that we were indeed exploited, we will announce it publicly. Otherwise, it is just a possible scenario,” he added. “There are also other exploited wallets that never created wallets through our bot or imported their private keys into our bot.”

Decryption She contacted Solareum for comment but did not immediately receive a response.

Edited by Ryan Ozawa.