tl;dr
Solareum, a Telegram trading app for Solana-based tokens, is ceasing operations following a security breach that drained $523,000 worth of SOL from user wallets. Initial confusion regarding the involvement of the BONKbot trading bot was clarified by the BONK meme coin team, which indicated that affected BONKbot users had exported their private keys for use in other applications.
Solareum cited insufficient funds, evolving market trends, and the security breach as reasons for its closure, but has not addressed compensating affected users, leading to demands and threats of legal action. The BONKbot team confirmed that the exploit was tied to users importing private keys into Solareum, but emphasized that the exact nature of the breach remains unclear.
The team behind Solareum, a Telegram trading app for buying and selling Solana-based tokens on the popular messaging platform, announced that it would shut down after being tied to an exploit that saw some $523,000 worth of SOL drained from user wallets last week. The wallet-draining exploit, which is estimated to have affected more than 300 Solana users, occurred late last week.
Initially, some users believed that popular Telegram trading bot BONKbot was somehow responsible for leaking users’ private keys. However, the team behind the BONK meme coin denied that their Telegram bot had a security lapse and said that any BONKbot users impacted by the exploit had previously exported their private keys to use in other apps. Solareum then said in a tweet response on Friday that “there a chance we got exploited.”
“It is with a profound sense of regret that we announce the closure of the Solareum project,” the team subsequently wrote on Telegram on Saturday. “Unfortunately, due to a combination of insufficient funds, evolving market trends, and a recent security breach to our systems, we find ourselves compelled to make this difficult decision.”
“Over the past months, we have made concerted efforts to secure additional funding, adapt to market changes, and fortify our security measures,” they added. “Despite these endeavors, the recent security breach has compromised the integrity of our systems, and we can no longer assure the safety of our users due to the lack of funds.”
Solareum’s team said that they would contact authorities in an attempt to freeze any stolen crypto assets should they be sent to centralized exchanges. However, the team said nothing about otherwise compensating affected users. Decrypt reached out to Solareum multiple times for comment, but has not received a response as of yet. The project’s Telegram channel is full of users demanding answers about the exploit, with some threatening legal action if Solareum doesn’t announce plans to compensate them.
> <0.1% of BONKbot users who've exported their PK were affected. Our analysis strongly suggests the exploit occurred from those victims importing PKs into a specific application.
>
> Data so far:
> - total victims: 302
> - BONKbot victims: 113
> - keyExported from BONKbot: 113
> - total SOL…
>
> — BONKbot (@bonkbot_io) March 29, 2024

BONKbot is arguably the biggest Telegram trading bot on Solana, with over 270,000 claimed users, and was initially the prime suspect for much of the community.
The BONKbot team quickly denied the connection and shared its data regarding apparent victims of the wallet-draining exploit. The team explained on Twitter that the exploit appeared to be tied to a “specific application” into which some users had exported their private keys, but it did not clarify which app appeared to be at the heart of the issue. On Monday, BONKbot confirmed to Decrypt that the data indeed pointed to Solareum.
“We’ve been working with the security community to triangulate the exploit, and while victims have interacted with a range of apps and wallets, the point of absolute correlation so far has been victims importing their into Solareum,” the BONKbot team said. “Our analysis overwhelmingly pointed to this before Solareum’s announcement, but without having access to their codebase or logs, our analysis will always remain probabilistic, not deterministic,” they added. “Moreover, it’s still unclear whether it was an external breach or an internal drain. Hence we’ve avoided pointing fingers in public—that isn’t our business.”