Hackers Targeting Solana (SOL) Wallets to Steal Crypto

Hackers are allegedly using NFT airdrops to deliver malware.


Hackers are allegedly using NFT airdrops to deliver password-stealing malware under the guise of Solana (SOL) Phantom wallet security updates.

Malware NFT Airdrops

Unidentified hackers have been airdropping non-fungible tokens (NFTs) to Solana cryptocurrency holders for the past two weeks, disguising their malware as a new Phantom wallet security upgrade. The malicious software is designed to drain crypto from victims’ wallets.


To carry this out, the attackers have been impersonating members of the Phantom team. According to BleepingComputer, they have been utilizing fake NFTs called “PHANTOMUPDATE.COM” or “UPDATEPHANTOM.COM”.

Upon opening the NFT, users receive a pop-up message informing them that a new security update for the Phantom wallet has been released and can be downloaded by following the attached link or by visiting the website it names.

Referring to Solana’s Wallets Hack in August

The message warns users that skipping the phony security update may result in the loss of their funds due to “hackers exploiting the Solana network.”

It is thought that the hackers were referencing the August Solana heist, which resulted in the theft of almost $8 million from 8,000 wallets, much of which belonged to Phantom wallet users. The attackers are believed to have counted on the urgency of the warning message to prompt more users to fall victim to the scheme without performing due diligence.


Users who followed all of the steps had malware downloaded onto their devices from GitHub, which then attempted to steal passwords, browsing history, cookies, SSH keys, and other information.
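A defensive heuristic for the lure described above, as an added example that is not from the article or from Phantom: it scores NFT metadata for a domain-style name, wallet-brand-plus-update wording, urgency wording, and an embedded link. The metadata field names, keyword lists, and threshold are assumptions, and the sample records are constructed.

```python
import re

# Assumptions: brand and keyword lists chosen to match the lure the article describes.
BRANDS = ("phantom",)
LURE_WORDS = ("update", "upgrade", "security", "patch")
URGENCY = ("loss of", "lose your funds", "exploit", "immediately", "urgent")
# A token name that is itself a hostname, e.g. "SOMETHING.COM".
HOSTNAME_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def assess_nft(meta):
    """Return (score, reasons) for one NFT metadata dict.

    Assumed fields: name, description, external_url (all optional strings).
    """
    name = str(meta.get("name", "")).strip().lower()
    desc = str(meta.get("description", "")).lower()
    text = " ".join((name, desc, str(meta.get("external_url", "")).lower()))
    reasons = []
    if HOSTNAME_RE.match(name):
        reasons.append("name is a domain")
    if any(b in text for b in BRANDS) and any(w in text for w in LURE_WORDS):
        reasons.append("wallet brand combined with update wording")
    if any(u in text for u in URGENCY):
        reasons.append("urgency wording")
    if URL_RE.search(desc):
        reasons.append("link embedded in description")
    return len(reasons), reasons

def is_lure(meta, threshold=2):
    """Flag only when several independent signals agree (threshold is an assumption)."""
    return assess_nft(meta)[0] >= threshold

# Constructed sample records; the first name is one of the two reported in the article.
SAMPLES = [
    {"name": "PHANTOMUPDATE.COM",
     "description": "A new security update for Phantom has been released. "
                    "Skipping it may result in loss of funds."},
    {"name": "Pixel Cat #1042", "description": "One of 5,000 pixel cats.",
     "external_url": "https://cats.example/1042"},
    {"name": "mysite.sol", "description": "Name service record."},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        score, reasons = assess_nft(sample)
        print(sample["name"], "FLAG" if is_lure(sample) else "ok", score, reasons)
```

The third record shows why a single signal is not enough: a legitimate token can have a domain-style name, so it scores 1 and stays below the threshold.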

On the Flipside

  • In the past, similar virus-spreading schemes typically used “Mars Stealer” software to siphon cryptocurrency from unwary victims. Mars Stealer utilizes a grabber feature to obtain users’ private keys, and is capable of targeting more than 40 browser-based crypto wallets and well-known two-factor authentication (2FA) extensions.
  • The Solana ecosystem has had a hard time with hacks and network outages this year, leading to worsening conditions in the performance of its blockchain.

Why You Should Care

Solana’s ecosystem has recently seen widespread adoption, attracting a wide array of NFT and game developers. The pattern can be partially explained by the network’s low-cost transactions and fast processing rates. Indeed, despite repeated network disruptions, blockchain activity has surged 311%. As a result, institutional investors are seemingly looking to secure their part in the further expansion of the blockchain ecosystem.


Paulina Okunyte

Paulina is a writer, reporter, and digital craftswoman. Her educational background extends from anthropology to IT & multimedia. She has experience working with tech startups, as well as mastering the craft of journalism. At DailyCoin, Paulina focuses on the world of metaverses, NFT marketplaces, NFT art, and blockchains backing NFT technology.