Scammers Leverage Permanent Delegate Extension on Solana
By Olivier Acuña | TH3FUS3 Chief Editor
September 4, 2024 09:41 AM
TL;DR Scammers have found a new method to exploit Solana users by burning tokens directly from their wallets. The scam leverages the 'Permanent Delegate' extension to delete crypto holdings stealthily. Multiple security firms and blockchain experts have confirmed this alarming trend.
New Rug-Pull Method Targets Solana Users
Scammers have reportedly found a new way to rug-pull Solana users' crypto. This time, they are burning tokens from inside their victims' wallets.
According to Slorg, a member of the Core Working Group at Solana-based Jupiter, scammers have started using an in-built Solana token extension to stealthily delete their targets' crypto holdings.
'Imagine you swap for a token, and the wallet history confirms that you received it. But then you look inside, and nothing shows up,' said Slorg in a Sept. 3 post on X.
'Time passes and no tokens, so you do some digging and reach out to someone who might know what's happening.' He added that this was the reality for a Jupiter Community Member 4 days ago.
Permanent Delegate Abusers
One user swapped for a token called 'RED,' which has a 'Permanent Delegate' extension. This allowed the scammers to burn all the tokens from the transaction a mere seven seconds after it went through. 'The Permanent Delegate is an extension feature in Solana's Token 2022 standard,' PeckShield explained to Cointelegraph.
Solana's official website describes the Permanent Delegate extension as a function that gives 'unrestricted delegate privileges over all Token Accounts for that mint, enabling them to burn or transfer tokens without limitation.'
It is intended for proper use cases, such as retrieving tokens that were mistakenly transferred, revocable access tokens, or sanction compliance. It can also be used for automatic payments and refunds.
Motivations Behind the Scam
Slorg gave two reasons why scammers might do this.
'Reason one is causing generalized mayhem,' said Slorg. 'Sometimes scammers just want to see destruction and chaos. Kind of like a mix between a prank and a 'f*ck u.''
The second reason, said Slorg, is to reduce float. 'If someone can't sell, the price won't decrease. Many times, scammers snipe most of the initial supply, and they don't need more than $50 in profit to make it worthwhile.'
Slorg observed a lone scammer last November who launched token after token before pump.fun. He was only raking in $50-$100 each time, but spread across 50 a day, he was making thousands a week. 'It's probably not a super-efficient strategy, but they're experimenting out there.'
Blockchain security service providers Beosin and PeckShield also shared similar theories in comments to Cointelegraph. PeckShield speculates that scammers are trying to affect the cryptocurrency's tokenomics, as it 'basically allows for manipulating the circulating supply of the related tokens.'
Meanwhile, Beosin believes the scammer could use the function to trick users into thinking the circulation of their created token has remained the same by destroying users' tokens.
Community Response
Slorg noted that Jupiter and RugCheck are two entities that have created indicators for when this extension is turned on.
'Regardless, practicing due diligence with any token is crucial. Always have a routine that you stay consistent with, and take your time to read all the text when making a swap.'
He emphasized, 'If not, it could cost you someday—especially as new token capabilities are developed.' Others have also reported being hit with a similar scam recently, noted Slorg.
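An indicator like the ones mentioned above can be derived from the token's mint account before swapping. The following Python is an added example, not code from the article, Jupiter or RugCheck: it walks the extension entries stored after the base mint data and reports the permanent delegate if one is set. The byte offsets and the extension type number are the Token-2022 layout as assumed here, the function names are hypothetical, and the sample mints are constructed.

```python
import struct

# Token-2022 layout values, assumed here; verify against spl-token-2022.
BASE_ACCOUNT_LEN = 165       # 82-byte mint is zero-padded to this length
ACCOUNT_TYPE_MINT = 1        # account-type byte stored at offset 165
EXT_PERMANENT_DELEGATE = 12  # ExtensionType::PermanentDelegate
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58encode(raw: bytes) -> str:
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def permanent_delegate(mint_data: bytes):
    """Return the base58 permanent delegate of a mint, or None if absent."""
    if len(mint_data) <= BASE_ACCOUNT_LEN:
        return None                       # plain mint, no extension area
    if mint_data[BASE_ACCOUNT_LEN] != ACCOUNT_TYPE_MINT:
        raise ValueError("not a mint account")
    pos = BASE_ACCOUNT_LEN + 1
    while pos + 4 <= len(mint_data):      # entries: u16 type, u16 length, value
        ext_type, ext_len = struct.unpack_from("<HH", mint_data, pos)
        pos += 4
        if ext_type == 0:                 # uninitialized: end of entries
            break
        value = mint_data[pos:pos + ext_len]
        if len(value) < ext_len:
            raise ValueError("truncated extension entry")
        if ext_type == EXT_PERMANENT_DELEGATE and ext_len == 32:
            # All-zero key: extension present but no delegate configured.
            return b58encode(value) if any(value) else None
        pos += ext_len
    return None

def sample_mint(extensions):              # builds constructed test data
    body = bytes(BASE_ACCOUNT_LEN) + bytes([ACCOUNT_TYPE_MINT])
    for ext_type, value in extensions:
        body += struct.pack("<HH", ext_type, len(value)) + value
    return body

SAMPLE_DELEGATE = bytes(range(1, 33))     # constructed 32-byte key
RISKY = sample_mint([(3, bytes(32)), (EXT_PERMANENT_DELEGATE, SAMPLE_DELEGATE)])
CLEAN = sample_mint([(3, bytes(32))])

if __name__ == "__main__":
    print("risky mint delegate:", permanent_delegate(RISKY))
    print("clean mint delegate:", permanent_delegate(CLEAN))
```

The input is the raw account data of the mint, for example as returned by the `getAccountInfo` RPC method after base64 decoding. A non-None result means some key can burn or transfer that token from any holder's account.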