SlowMist Warns of Solana Wallet Owner Permission Hijacking Attacks

SlowMist's security team issued an alert on December 3 regarding a phishing attack where a user's account Owner permission was transferred, resulting in over $3 million in stolen assets and approximately $2 million trapped in DeFi protocols. The attack replaced the victim's core Owner permission rather than exploiting traditional authorization theft, rendering the user unable to transfer funds, revoke permissions, or operate DeFi assets despite funds appearing intact. Attackers exploited two scenarios: carefully crafted transactions showed no fund changes during wallet simulation, and users unfamiliar with Solana's ownership modification feature signed malicious requests. SlowMist advises users to verify whether authorization signatures contain high-risk operations such as Owner permission modifications.