According to Slorg, a member of Jupiter’s Core Working Group on Solana, scammers have started using a built-in Solana token extension to secretly delete their targets’ crypto assets. On September 3, Slorg shared on X that transactions were being made within the wallet, but these transactions were not visible in any way.
New Attack Method on Solana Network
In the attack in question, a user's swap was for a token named RED that has the Permanent Delegate extension enabled. This allowed the scammers to burn all the tokens just seven seconds after the transaction. Solana's official website describes the Permanent Delegate extension as a function that allows tokens to be burned or transferred without limitation.
The extension was designed for appropriate use cases such as reclaiming mistakenly transferred tokens, use in revocable access tokens, or compliance with sanctions. However, even Solana acknowledged that this is a double-edged feature and could be abused. Speaking on the matter, Slorg stated that there could be several reasons why a scammer would want to burn tokens and shared the following statements:
“The first reason causes general chaos. Sometimes scammers just want to see destruction and chaos. If someone can’t sell, the price doesn’t drop. Most of the time, scammers grab most of the initial supply, and the point is that they don’t need to make more than $50 to make it valuable.”
“Last November, I saw a single scammer issuing token after token before Pump Fun, and each time he was making only $50-100 but spread over $50 a day, earning thousands of dollars a week.”
Comments from Famous Names Came Quickly
The teams at blockchain security service providers Beosin and PeckShield also shared similar theories in their comments. PeckShield predicts that scammers are trying to affect the token economy of the cryptocurrency, because the extension essentially allows manipulation of the circulating supply of the related tokens.
Beosin believes that the scammer could use this function to destroy users' tokens while tricking users into thinking the circulating supply of the created tokens remains the same:
“For example, burn someone else’s tokens to raise the token price and profit from a DeFi protocol related to the token.”
Slorg stated that Jupiter and RugCheck are two of the organizations that provide indicators of when this extension is activated:
“No matter what, it is very important to exercise due diligence with any token. Always have a routine you don’t deviate from and take the time to read all the text when swapping. Otherwise, it could cost you dearly one day.”
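A pre-swap check of the kind such indicators depend on, as an added example that is not code from the article, Jupiter or RugCheck: it walks the extension entries stored after a Token-2022 mint and reports the permanent delegate if one is set. It assumes the raw account data of a mint owned by the Token-2022 program has already been fetched; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Layout constants from the Token-2022 (Token Extensions) program.
ACCOUNT_TYPE_OFFSET = 165    # mints with extensions are zero-padded to here
ACCOUNT_TYPE_MINT = 1
EXT_PERMANENT_DELEGATE = 12  # ExtensionType::PermanentDelegate
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58encode(raw: bytes) -> str:
    """Base58-encode a public key the way Solana tools display it."""
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def permanent_delegate(mint_data: bytes):
    """Return the mint's permanent delegate (base58), or None if it has none."""
    if len(mint_data) <= ACCOUNT_TYPE_OFFSET:
        return None  # base-size (82-byte) mint: no extension area at all
    if mint_data[ACCOUNT_TYPE_OFFSET] != ACCOUNT_TYPE_MINT:
        raise ValueError("account data is not a Token-2022 mint")
    pos = ACCOUNT_TYPE_OFFSET + 1
    while pos + 4 <= len(mint_data):  # walk the type/length/value entries
        ext_type, ext_len = struct.unpack_from("<HH", mint_data, pos)
        if ext_type == 0:  # Uninitialized marks the end of the list
            break
        value = mint_data[pos + 4:pos + 4 + ext_len]
        if len(value) != ext_len:
            raise ValueError("truncated extension entry")
        if ext_type == EXT_PERMANENT_DELEGATE:
            if ext_len != 32:
                raise ValueError("unexpected PermanentDelegate length")
            # An all-zero key means no delegate is set.
            return b58encode(value) if any(value) else None
        pos += 4 + ext_len
    return None

def build_mint(extensions):
    """Build sample mint bytes (constructed for this example, not chain data)."""
    data = bytes(ACCOUNT_TYPE_OFFSET) + bytes([ACCOUNT_TYPE_MINT])
    for ext_type, value in extensions:
        data += struct.pack("<HH", ext_type, len(value)) + value
    return data

if __name__ == "__main__":
    key = bytes(range(1, 33))  # constructed 32-byte delegate key
    print(permanent_delegate(build_mint([(3, bytes(32)), (12, key)])))
```

A non-None result means the named key can burn or transfer that token from any holder's account, which is the condition a wallet or swap interface would surface before the user confirms.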