1. Home
    2. /Phishing Website for NFT Drop on Solana Sweeps Over $500k Tokens

    Phishing Website for NFT Drop on Solana Sweeps Over $500k Tokens

    Aurory, a gaming project built on Solana network at a loss as users lose funds to a phishing website that uses malicious code to move their funds.

    Updated Apr 25, 2024
    Wilfred Michael

    Author by

    Wilfred Michael

    Phishing Website for NFT Drop on Solana Sweeps Over $500k Tokens

    The non-fungible token (NFT) craze on the Solana network has witnessed its first major setback. Users have reportedly lost over $500,000 to a phishing website that included a malicious code that moved all of a user’s funds to the hacker’s address.

    Aurory, a gaming project built on Solana, announced the impending release of its NFTs today, August 31. Following their initial release, users are usually required to connect their wallets to the NFT contract to mint the tokens. On this occasion, however, some users landed on a phishing website with a similar address, that is app.aurory vs aurory(dot)app.

    Those who connected their wallets and signed the malicious contract on the phishing website ended up losing their SOL holdings as it was quickly transferred to the hacker’s address.

    At this time, the amount lost to the incident is unknown, but it could be over $500,000, according to Twitter user @hoaktrades who first spotted the spooky website. Aurory Project reported that its website had over 55,000 users at the time of the sale.

    The address used for the phishing still holds over $75,000 in SOL token and other balances, while the attacker is already converting the funds to Wrapped Ether (WETH) and moving them from Solana to Ethereum.

    FTX CEO, Sam Bankman-Fried responded to a request asking the exchange to blacklist the associated address and possibly freeze funds, although no success has been reported so far.

    How to Avoid Similar Incidents While Minting NFTs

    Crypto users can avoid similar occurrences or minimize them in the future by using only new addresses when participating in NFT mint. This is in addition to making sure that they’re on the right URL specified by the project and also not enabling auto-approve transactions on any NFT minting website.

    Solana wallet developer Phantom said in a reply that it would remove the auto-approve feature from connection requests in a bid to prevent such incidents in the future.

    The Solana project has stolen the limelight lately after its token, SOL, hit a new all-time high, and DeFi projects on the network continue to witness rapid growth.