Solana Telegram Trading Bot to Shut Down After Users Drained of $523K

  decrypt.co 3 h

The team behind Solareum, a Telegram trading app for buying and selling Solana-based tokens on the popular messaging platform, announced that it would shut down after being tied to an exploit that saw some $523,000 worth of SOL drained from user wallets last week.

The wallet-draining exploit, which is estimated to have affected more than 300 Solana users, occurred late last week. Initially, some users believed that popular Telegram trading bot BONKbot was somehow responsible for leaking users’ private keys.

However, the team behind the BONK meme coin denied that their Telegram bot had a security lapse and said that any BONKbot users impacted by the exploit had previously exported their private keys to use in other apps.

Solareum then said in a tweet response on Friday that “there [may be] a chance we got exploited.”

“It is with a profound sense of regret that we announce the closure of the Solareum project,” the team subsequently wrote on Telegram on Saturday. “Unfortunately, due to a combination of insufficient funds, evolving market trends, and a recent security breach to our systems, we find ourselves compelled to make this difficult decision.”

“Over the past months, we have made concerted efforts to secure additional funding, adapt to market changes, and fortify our security measures,” they added. “Despite these endeavors, the recent security breach has compromised the integrity of our systems, and we can no longer assure the safety of our users due to the lack of funds.”

Solareum’s team said that they would contact authorities in an attempt to freeze any stolen crypto assets should they be sent to centralized exchanges. However, the team said nothing about otherwise compensating affected users. Decrypt reached out to Solareum multiple times for comment, but has not received a response as of yet.

The project’s Telegram channel is full of users demanding answers about the exploit, with some threatening legal action if Solareum doesn’t announce plans to compensate them.

<0.1% of BONKbot users who’ve exported their PK were affected. Our analysis strongly suggests the exploit occurred from those victims importing PKs into a specific application.

Data so far:
— total victims: 302
— BONKbot victims: 113
— keyExported from BONKbot: 113
— total SOL…

— BONKbot (@bonkbot_io) March 29, 2024

BONKbot is arguably the biggest Telegram trading bot on Solana, with over 270,000 claimed users, and was initially the prime suspect for much of the community. The BONKbot team quickly denied the connection and shared its data regarding apparent victims of the wallet-draining exploit.

The team explained on Twitter that the exploit appeared to be tied to a “specific application” into which some users had exported their private keys, but it did not clarify which app appeared to be at the heart of the issue. On Monday, BONKbot confirmed to Decrypt that the data indeed pointed to Solareum.

“We’ve been working with the security community to triangulate the exploit, and while victims have interacted with a range of apps and wallets, the point of absolute correlation so far has been victims importing their [private keys] into Solareum,” the BONKbot team said.

“Our analysis overwhelmingly pointed to this before Solareum’s announcement, but without having access to their codebase or logs, our analysis will always remain probabilistic, not deterministic,” they added. “Moreover, it’s still unclear whether it was an external breach or an internal drain. Hence we’ve avoided pointing fingers in public—that isn’t our business.”

Edited by Ryan Ozawa.

Source