A string of wallet drainer attacks on Solana over the last day may be tied to Telegram trading bots, although the team behind the most prominent one—BONKbot—denies that the exploit is tied to their application.

Numerous reports of Solana wallets being emptied of their SOL popped up over the past several hours on Twitter, with some users pointing the finger at BONKbot, a popular application from the team behind the Solana meme coin BONK that lets buy and sell Solana-based tokens via the messaging app Telegram.

Early Friday, BONKbot denied the claims, suggesting that any affected users who had previously used the Telegram bot had more likely exported their private keys and used them in other applications.

“BONKbot is SAFE—but there are exploits being triggered elsewhere in the ecosystem!” the team wrote on Twitter. “Our logs show that every user account being drained has previously exported their private keys. There are also non-BONKbot wallets being drained. BONKbot users who did not export their keys are SAFE.”

AD

On Friday afternoon, the team shared an update saying that it has tracked 302 total victims of the wallet drainer so far, with about 2,808 SOL swiped—or about $523,000 worth at the current price. BONKbot claims that 113 of those victims had previously used its bot, but that all of them had exported their private keys (PKs) for use elsewhere.

“Our analysis strongly suggests the exploit occurred from those victims importing PKs into a specific application,” BONKbot tweeted. The team did not reveal the alleged application in question, however. Decrypt reached out for clarification but did not immediately receive a response.

AD

According to analysis from BONKbot, the largest single victim lost just over 500 SOL in the attack, or about $93,000 worth.

There’s rampant speculation on Twitter that a competing Telegram trading bot, Solareum, could be tied to the potential leak of private keys. In a tweet reply, the team acknowledged to a Twitter user that “there [may be] a chance we got exploited,” however the Solareum team also went on the defensive and said that they were actually victims.

“Until we can confirm that we are actually exploited, then we will publicly announce it. Otherwise, it's just a possible scenario,” they wrote. “There are also other wallets exploited that's never generated wallets through our bot or imported their PKs into our bot.”

Decrypt contacted Solareum for comment but did not immediately receive a response.

Edited by Ryan Ozawa.

Stay on top of crypto news, get daily updates in your inbox.