Date:: March 29th, 2024
Amount Stolen:: $1,114,813
Amount Frozen:: $942,462.85 (Tether) + ~$50,000 (FixedFloat)
Tags:: 💼 IT Workers
Mar 29 Victim Count: 456
Apr 2 Victim Count: 933++
Total Victim Count: 1334++
On March 29th, 2024, users began reporting on Twitter/X that their Solana wallets had been drained. It was initially suspected that Telegram bot "BONKBOT" was the culprit, as many users were active BONKBOT users.
Upon further investigation, it was determined that all of the compromised BONKBOT users had previously exported their BONKBOT-generated keys. These users had all imported their keys into a similar Telegram bot SOLAREUM.
Solareum speculated that the exploits may have been linked to compromised Telegram bot tokens, which could have allowed the attackers to obtain private keys from message history.
The Solareum team has been less forthcoming with information and initially denied they had been exploited. Eventually they accepted, "There maybe a chance we got exploited." They have not been helpful in the investigation.
Solareum later wrote that they would be closing the project, and deleted their website. This drew some criticism from users who accused them of doing nothing to investigate the hack, or even being responsible themselves. The project wrote on Twitter, "We at #SOLAREUM team can clarify that we DO NOT steal money." Ah, well, in that case....
As such the investigation is led by a collection of BONKBOT team members, private investigations (e.g. Plumferno of OpenSea/Blowfish), and victims. These investigators collected victim reports and addresses and subsequently the addresses that received the stolen funds.
Collectively, the identified addresses received an estimated 4,927.34 SOL (~$926k USD) that had been stolen from 446 distinct victim addresses. All were drained at the same time and follow the same pattern as one another in terms of the theft and subsequent laundering.
- Transactions from SOL -> USDT-ETH:
- March 31st IP: 83.234.227.29 (Russia TTK)
- March 29th IP: 107.175.60.14
- en-US,en;q=0.9
- English Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
- Timezone: Asia/Tokyo
- User email: takanmolotov@gmail.com
- User email: petersmith.0322@gmail.com
- https://twitter.com/SolareumProject/status/1773745573234983021
- https://twitter.com/bonkbot_io/status/1773655415760588997
- https://docs.google.com/spreadsheets/d/16edS0MLAbLR5ZpiX7ds3bmWJWcFjUsKimN3O3jmGlZM/edit?usp=sharing
- https://twitter.com/SolareumProject/status/1773751219149824274
- https://twitter.com/Plumferno/status/1773736811090629114
- https://flipsidecrypto.xyz/crypto_edgar/solareum-exploit-MX-y0T
- 6AZpMspmfdpA7jKCzHpypy18szmgh9sPTvxz6vcPY22a
- dreNf5jDr6Sm6euvA14rjfYiVRu7BunVzZz6ANk1ydT
- 7kCNeLRQno5EcY6isJitgXwfiEWgdYYAtiow1TuZc3sE
- 2ymk4r9HunMLtbutJU4JMFfhcF46dvGywmd1WBdwnL9y
- HkhFZnEeTkiDXCgG8RkHR6tZWGBbi2Trrv1Tt68CCvDo
- FuCor4bRA5mNncwHXPon5KW5knCW1PHo5apvFSK5sFta
- 5a87Rq7RwwmxNYwCUw75mwQxjyxSJv9rJWaAct5FnVvN
- AUXUQzRwE1rRHp9nzo7xzoXbb6eFJ64a3hVik5YG8R6d
- ASLeKH6nmo9SYCErtzoDtE757Y1ZW6XnwoKjvw4pRfqL
- 2VjYEze2FyxMYmbccCamkhJP2bS3GPHzuQNPTjSnp23R
- K5NitffNriXxk3zKPTMDhx3z5oFc5PhwQyNQmUNTbxx
- 5X1N7qkaJaAdRrAfTv1yxGxcLnzdm61ixc1B2dWUsM45
- 687nV1efL1yprxkKUo2N6njPVKXiu2QqoqU5giEDzevZ
- 4zTUnoEJiskPtMSHZgfoMowv466FffazrYk4iX8Q5wSf
- 463o2SqgtTkGSrnhkLYueRg2WeN5Run62SomNCyGht7p
- FLwXRaN8oVqPuuM455gL6W31VvdxXo4pADQsuqCveqcP
- 8SNQ1dKyZyPT8M42L3LxnbtzYgp1fL3pKbYNgA2jeWv5
- 3z3nLpD8qskGW25H18mSmx5SKY9z4ibKDx4njP46H9He
- 6JCNpXi6zXeT1bQUj4b7jaEa2nJvAnkxSKfCj6mbgzD4
- J6WH1RqvZZVBHDoohV1S9gWDsQsZjQzbtooaqQpNeuWy
- Cnb6fyuosrzx9GBgm5fHx3rNoiZfK81Ja4M93DNVvGir
- Gux6cujdTabgkaaBn8iDpBBqqQLbZPTyNad14NJCafg8
- B8iY8z7VSYvJ2ic3VA3957H8vDfpPRbvhixwnHhb8TDX
- CwezuQAc4HNMsKymXffGfG4PFqLazyumdZ2wfQxzmBaC
- Ez7KAmhBXLAjFj5MKYbNNUipU72NDUrGHzRvBS5cjGiy
- DTCoQ2oiiUaLstuc3xe1dbbVwCTydu1Mr6z5XW1N6aK2
- BKdTfBndN6PhpdGQKw5n1eVtosvbLWx2TTyzZuhQxqAi
- 2Rs4xxz1SdZRZBRgzBmSY7T5AZUSGRDh5GpiySoKsamW
- HnUduQSniygESCv593wmhcZeAR4gSgpJu82hrLeTxyeo
- F1AeVSFF9Kv2BNTvfpGCgFKdjQWFTVc3jtHaSGKN9mJj
- A7HkLAzGtiffSpEFPEyRGw7n4UMRUp8VpQQZwRa6Ekus
- 5NqYhBxS5TKU725JokRUGZHcWteKXjL8ag5cPKrmG7kn
- D9VACAfVmvTZxHLnmf1JNXhTerFRGUUEkWSeQXvs4FdJ
- iNcPWqnVMUKQ5CqgztWwELP3a1kJQD5avFNaWnoQUyo
- 7ovevcbx2T3qu3eAvDFyKDSreXUeLv7VHs9pSTFvr2hU
- 9kU1QETxpCPgHGSUspUXJwwEchBR4q2ZieDw1Y8tiYJP
- 0x84Ad3Ad89CC96e82EE1D57151fDbDcaA823e6aCc $40,104 USDT
- 0xD7AD5a1db7739C01d9B4471c5B9ffb871F625941 $20,218 USDT
- 0x05ae4747262f351eC861355987E8ED58a78F10Ca $40,123 USDT
- 0x6a0012bdDdA0bC958c28691b373f6236e8fAbAa0 $40,097 USDT
- 0xC955915bd7fa544D26d5Bb6547A8169CB37130C4 $39,941 USDT
- 0x5e6BA75E0FbDc9a9dd0fbDEe5d4B0bfEAC9f0Fb6 $40,277 USDT
- 0x9A9fd8435a02CB1Dc4c8F5Db33f31aA5C56CA3e7 $40,212 USDT
- 0xaA4436a1D19fd53275817D38b5282b9c3951599E $40,026 USDT
- 0x99caa2DD9f1f845a9a01422c991c472d15ceD1d1 $40,040 USDT
- 0x474604bcaf36FDf518bECFcaEBB0C98b5B85A152 $40,001 USDT
- 0x8E2eb468D10e53f99639f02D58a19aB3d60cd07d $40,089 USDT
- 0x1DBbD7182Ee17720d09121c20bc658De28F2054F $39,990 USDT
- 0x6bE0873C769Cb4E9Fb3CD42Fa25bC179945cd2b9 $39,964 USDT
- 0xd4aC8325131512D792EeadD73B694B744dE9D947 $40,012 USDT
- 0x71E8aB7C141A58bD79948c11C9d8D1F7ef041F47 $40,049 USDT
- 0xB86369eD3754a404C5C0D5AA9Da6400A9466053E $40,171 USDT
- 0x0A9Ed2a9d3F811B3cd6aD673CDEcCd88047618CA $40,236 USDT
- 0x1C7F7F7b66d1f6e9C23545c0156A6A1F676C0E1b $40,153 USDT
- 0x284512d226465443e04ffFE82FA20628a94D46B6 $40,467 USDT
- 0x48CFaFE2460570575e80eaCD4f762c7cF8F6f3B3 $40,000 USDT
- 0x655113606AAFe1549dcCfeD4E120DA22b6CddA24 $40,134 USDT
- 0xDdb5DEd6c513747b8B831d7521E00c3202Bc08fd $40,117 USDT
- 0x97BeCBB90ff30513e7984e3bdcE4863d03d59FC4 $40,050 USDT
- 0x05C8A416aE8dB42B737a15c4C3FF5F5beF051FEf $39,980 USDT
- 0xb6c915f82939bc7983169690d552e6c7a65e7899 7.94 ETH
- 0x98d9af30b287d723326e39e0022d849004483302 13.19 ETH
- 0x47cfad92fadcecb5ce49b22997095eb013665f4a 9.57 ETH
- 0xed7e740803a5ab25048e225e835fa61e10e58b88 12.74 ETH