Last updated:
| 2 min read
On March 31, Solareum, a Telegram trading bot for trading Solana-based tokens, announced its closure after an exploit resulted in the theft of over 2,000 Solana (SOL) tokens from users’ wallets.
Solareum Trading Bot Users Safety Remains Uncertain Due to “Lack of Funds”
The developers disclosed the shutdown via a Telegram message via the support channel of the Solareum trading bot.
“Unfortunately, due to a combination of insufficient funds, evolving market trends, and a recent security breach to our systems, we find ourselves compelled to make this difficult decision,” the message read.
solareum devs confirm they are closing the project
Full message in next tweet pic.twitter.com/xqHtgxVfwG
— king.sol (@DeFiAzog) March 30, 2024
Solareum’s team further noted that the platform can no longer “assure the safety of users due to lack of funds” and failed efforts to secure additional funding after the exploit.
The Telegram trading bot suffered a loss of over 2,800 SOL tokens, estimated at $523K, from 302 Solana users on March 29. This was caused by an alleged leak of private keys, which enabled wallet drainers to steal the tokens
Meanwhile, BONKbot, the biggest Telegram trading bot on Solana, was initially suspected of being behind the exploit, as it recorded 113 victims from the compromised 302 wallet addresses.
<0.1% of BONKbot users who’ve exported their PK were affected. Our analysis strongly suggests the exploit occurred from those victims importing PKs into a specific application.
Data so far:
– total victims: 302
– BONKbot victims: 113
– keyExported from BONKbot: 113
– total SOL…— BONKbot (@bonkbot_io) March 29, 2024
However, the security team behind BONKbot swiftly refuted the allegations. According to their public statement, all affected users had previously exported and used their private keys on a Telegram bot. The team later clarified to the media that the bot in question was Solareum. However, whether this was an external breach or an internal move to rugpull customers is unclear.
TLDR: BONKbot is SAFE – but there are exploits being triggered elsewhere in the ecosystem!
Our logs show that every user account being drained has previously exported their private keys. There are also non-BONKbot wallets being drained. BONKbot users who did not export their…
— BONKbot (@bonkbot_io) March 29, 2024
With the increasing chatter on crypto Twitter, the Solareum team had to address the “exit scam” allegation on their X post.
According to them,
“There were a lot of accusations going on around about #SOLAREUM exit scam
We at #SOLAREUM team can clarify that we DO NOT steal money. But a lot of $SOLAR user’s wallets got drained, but this is a part of widespread exploit happening to other bot projects/Dapp as well.”
This is not the first time Solana-based wallets have been targeted by hackers that steal users’ funds. It could be recalled that Scam Sniffer had in January 2024 reported that Solana wallet drainers had stolen over $4 million worth of assets through phishing attacks. That was after thousands of wallets on Solana were attacked and millions stolen in a hacking incident in October 2023.
Solareum’s Team Collaborates with Authorities to Recover Stolen SOL
As detailed in their announcement, the Solareum development team has contacted relevant authorities to freeze stolen assets if they are transferred to centralized exchanges.
“As we wind down all active services and functionalities associated with Solareum in the coming weeks, we urge users to retrieve any relevant data or assets promptly,” the team added.
However, there was no mention of any compensation plan for affected users, which has caused a spate of concern for victims threatening to take legal action if Solareum fails to map out reimbursements.
Read the full article here