A dangerous new wave of phishing attacks is targeting Solana users by changing wallet ownership permissions rather than stealing private keys.<\/p>\n
A victim lost more than USD 3 million in a single attack, with an additional USD 2 million locked in investment platforms.<\/p>\n
What makes this attack unique is that the user\u2019s funds remained visible but became impossible to move or control.<\/p>\n
The attack works in two surprising ways. First, when users approve a transaction, wallets show the wallet balance to help users feel safe.<\/p>\n
Attackers craft special transactions that appear harmless because they cause no visible balance changes.<\/p>\n
Second, unlike other blockchains like Ethereum where ownership is locked to your private key, Solana<\/a> allows wallet owners to be reassigned through a technical operation.<\/p>\n This difference leaves many users unprepared for such attacks. SlowMist security analysts identified<\/a> and studied this emerging threat after a user reached out for help.<\/p>\n 1\u20e3Recently, we assisted a victim of a phishing attack that resulted in the unauthorized transfer of his account\u2019s Owner permission. This is similar to the “malicious multisig” \u2013style attack commonly\u2026 pic.twitter.com\/7yO1uAJT5a<\/a><\/p>\n \u2014 SlowMist (@SlowMist_Team) December 4, 2025<\/a>\n<\/p><\/blockquote>\n\n
![\"\ud83d\udea8\"](\"https:\/\/i0.wp.com\/s.w.org\/images\/core\/emoji\/17.0.2\/72x72\/1f6a8.png?ssl=1\")
Beware of Solana #Phishing<\/a> Attacks: Wallet Owner Permissions Can Be Altered<\/p>\n