Con artists are stealing cryptocurrency from Solana users by exploiting the “Permanent Delegate” feature, which lets them burn or transfer tokens freely.
Con artists have discovered a new method to steal cryptocurrency from Solana customers. This time, they accomplish this by burning the users’ tokens within seconds of their purchase.
An individual named Slorg, who is a member of Jupiter’s Core Working Group and is based in Solana, reported that con artists have begun to exploit an integrated extension for the Solana token in order to covertly remove their victims’ cryptocurrency holdings.
lmagine that you are exchanging a token, and the history of your wallet reveals that you have received it. Slorg wrote, “But then you look inside, and nothing shows up,” in a post that appeared on X on September 3″.
As time passes and there are no tokens, you decide to do some investigating and make contact with someone who may have some idea about what is going on.
This was the reality that a member of the Jupiter Community was facing four days ago,” he went on to say. For this particular user, it has been discovered that they exchanged for a token known as “RED” that possesses a “Permanent Delegate” extension.
The con artists destroyed all the tokens involved in the transaction in just seven seconds after the transaction completed. PeckShield emphasized that the standard for Solana’s Token 2022 includes the Permanent Delegate as an additional feature.
Solana’s “Permanent Delegate” Allows Unrestricted Token Actions
According to Solana’s official website, the Permanent Delegate extension is a function that grants “unrestricted delegate privileges over all token accounts for that mint”. This enables the mint to burn or transfer tokens without any limitations. It is designed to be used for appropriate use cases, such as retrieving tokens that have been transmitted in error, revocable access tokens, or sanction compliance.
It can also be used to automatically make payments and refunds. However, even Solana has admitted that it is a “double-edged sword” with the potential for abuse. Slorg stated that there are probably a few different reasons why a con artist could wish to burn the tokens.
The first reason is that it is producing widespread chaos, as Slorg explained. It’s not uncommon for con artists to simply want to cause chaos and ruin. It bears a resemblance to a mix of humor and sarcasm.The second reason, according to Slorg, is to reduce the amount of float.
If someone is unable to sell their item, the price will not drop. Most of the time, con artists steal the majority of the original supply, and it’s important to note that they don’t need more than fifty dollars in profit to make a profit.
During November of last year, I observed a lone con artist who was launching token after token before they were pumped. “It was a lot of fun, and he was only making fifty to one hundred dollars each time, but if you broke it down into fifty dollars per day, he was making thousands of dollars every week,” recalled Slorg.
No doubt, they are testing this method, even though it may not work. Beosin and Peckshield, two companies that provide services related to blockchain security.
PeckShield hypothesizes that con artists are attempting to influence the cryptocurrency’s tokenomics because it “basically allows for manipulating the circulating supply of related tokens.
Beosin, on the other hand, is of the opinion that the con artist might utilize the feature to deceive users into believing that the circulation of their created token has remained the same by destroying the tokens that consumers have made.
As an illustration, you could burn the tokens of another individual in order to increase the value of the token and make a profit from a DeFi protocol that is associated with the token.
Slorg mentioned that Jupiter and RugCheck are among the entities that have developed indications for when this extension activates. It is essential to exercise due diligence with any token, regardless of the cryptocurrency.
You should always stick to a pattern that you don’t vary from, and when you are making a switch, you should take your time to read all of the content. Not taking this precaution could cost you in the future, especially when more token capabilities are developed. Slorg mentioned that other people have recently reported falling victim to a scam similar to this one.
