Table of Contents
Fetching ...

SolPhishHunter: Towards Detecting and Understanding Phishing on Solana

Ziwei Li, Zigui Jiang, Ming Fang, Jiaxin Chen, Zhiying Wu, Jiajing Wu, Lun Zhang, Zibin Zheng

TL;DR

This work is the first to study phishing in the Solana ecosystem, identifying three Solana-specific phishing transaction types (STMT, AAT, ISA) shaped by Solana's account and transaction design. It introduces SolPhishHunter, a Python-based rule-based detector achieving $93.96\%$ precision across $8058$ SolPhish transactions, and releases the SolPhishDataset comprising $64$ phishing accounts and $8058$ transactions. The authors provide a comprehensive empirical analysis of temporal patterns, financial losses totaling ~$1.10\times 10^6$, phisher characteristics, and gang-like networks, revealing distinct dynamics across the three phishing methods. They also contribute to the community via data disclosure and recommendations, laying groundwork for future wallet-integrated detection and broader phishing-type coverage to strengthen Solana security.

Abstract

Solana is a rapidly evolving blockchain platform that has attracted an increasing number of users. However, this growth has also drawn the attention of malicious actors, with some phishers extending their reach into the Solana ecosystem. Unlike platforms such as Ethereum, Solana has distinct designs of accounts and transactions, leading to the emergence of new types of phishing transactions that we term SolPhish. We define three types of SolPhish and develop a detection tool called SolPhishHunter. Utilizing SolPhishHunter, we detect a total of 8,058 instances of SolPhish and conduct an empirical analysis of these detected cases. Our analysis explores the distribution and impact of SolPhish, the characteristics of the phishers, and the relationships among phishing gangs. Particularly, the detected SolPhish transactions have resulted in nearly \$1.1 million in losses for victims. We report our detection results to the community and construct SolPhishDataset, the \emph{first} Solana phishing-related dataset in academia.

SolPhishHunter: Towards Detecting and Understanding Phishing on Solana

TL;DR

This work is the first to study phishing in the Solana ecosystem, identifying three Solana-specific phishing transaction types (STMT, AAT, ISA) shaped by Solana's account and transaction design. It introduces SolPhishHunter, a Python-based rule-based detector achieving precision across SolPhish transactions, and releases the SolPhishDataset comprising phishing accounts and transactions. The authors provide a comprehensive empirical analysis of temporal patterns, financial losses totaling ~, phisher characteristics, and gang-like networks, revealing distinct dynamics across the three phishing methods. They also contribute to the community via data disclosure and recommendations, laying groundwork for future wallet-integrated detection and broader phishing-type coverage to strengthen Solana security.

Abstract

Solana is a rapidly evolving blockchain platform that has attracted an increasing number of users. However, this growth has also drawn the attention of malicious actors, with some phishers extending their reach into the Solana ecosystem. Unlike platforms such as Ethereum, Solana has distinct designs of accounts and transactions, leading to the emergence of new types of phishing transactions that we term SolPhish. We define three types of SolPhish and develop a detection tool called SolPhishHunter. Utilizing SolPhishHunter, we detect a total of 8,058 instances of SolPhish and conduct an empirical analysis of these detected cases. Our analysis explores the distribution and impact of SolPhish, the characteristics of the phishers, and the relationships among phishing gangs. Particularly, the detected SolPhish transactions have resulted in nearly \$1.1 million in losses for victims. We report our detection results to the community and construct SolPhishDataset, the \emph{first} Solana phishing-related dataset in academia.
Paper Structure (36 sections, 10 figures, 10 tables)

This paper contains 36 sections, 10 figures, 10 tables.

Figures (10)

  • Figure 1: Solana phishing scam process
  • Figure 2: The phishing transaction f2MA...PaiC succeeded in draining multiple types of tokens from the wallet of victims.
  • Figure 3: SolPhish based on AAT (4GVr...tYAn)
  • Figure 4: The framework of SolPhishHunter
  • Figure 5: Time distribution of SolPhish
  • ...and 5 more figures