The State of Spam on Solana

FMLB...3m5L
17 Feb 2024
18



Greetings! You may be here from Twitter, or maybe from my last post here on Bulb. A lot has changed since I started this journey 2 months ago in this fast moving space and blockchain!

The Evolution of Spam on Solana


  • Shift to Compressed NFTs (cNFTs): Spam on Solana has shifted to cNFTs, making spam magnitudes worse and leading to more frequent wallet drains.
  • Community Response: More great builders have joined the fight against spam and scams!
  • What I'm up to: I've come up with new ways to fight these myself, moving beyond the honeypot wallet approach.


Without further ado, let's dive into these!

Shift to Compressed NFTs (cNFTs)


Back when I started this project a couple short months ago, my idea was simple: make a honeypot wallet on Solana that was attractive to spammers and would collect their bogus NFTs. This would allow me to analyze them, gather data to prevent further spam, and lastly burn them for the token rent.

Here's a better explanation than I could make from the Helium Documentation

Information is stored on the Solana blockchain, such as token balances, NFTs, or other data, in "accounts." Keeping this data on-chain takes up space, so Solana charges a "rent" fee of ~0.002 SOL on accounts. Rent Facts: Each account has an individual rent fee. There is typically one account for each token type.


So the plan was to fight the scammers by burning their NFTs and reclaiming .002 SOL each time either directly through the Phantom wallet, or with a tool like solincinerator.com

The caveat is that compressed NFTs (cNFTs) store the account data off-chain. This means there is no rent to reclaim, and it makes NFTs exponentially cheaper to send. That's great for cool projects like Drip that distribute art from creators for free and allow collectors to support them with in app tokens.

For bad actors, this was a goldmine. This meant that sending spam out to wallets programmatically was farther reaching, cheaper, and carried no benefits for the user if they burned the spam.
Popular cybersecurity platform owned by Google, Mandiant reported that at least $900,000 USD had been stolen as of New Years Eve this past year.
source: https://www.mandiant.com/resources/blog/solana-cryptocurrency-stolen-clinksink-drainer-campaigns

Community Response: more great builders have joined the fight!


As spam has increased, more great builders have joined the fight in analyzing and preventing spam, especially on Solana. I'd be remiss if I didn't take a moment to acknowledge the incredible work of my fellow creators here. Their creativity, dedication, and innovation inspire me every day.

Specifically, shoutout to @solarnius (https://www.filtoor.xyz/), @SlorgoftheSlugs (sol-incinerator.com), @jacobdotsol (https://github.com/Jac0xb/lighthouse), blowfish.xyz, and Phantom.app for their outstanding contributions to our community. Check out their profiles to see the amazing work they're doing!
--------------------------------------------------------------------------------------------
https://www.filtoor.xyz is an open-source cNFT spam filter built. In a few short weeks, he's already implemented this into mints as they hit the blockchain - that means spam stands less of a chance right as it's created. Sol-Incinerator assisted by open sourcing their burned NFT data to help better tune spam classification.

https://www.sol-incinerator.com was who originally inspired me to look into spam further on Solana. They've been building for a couple years and are a great utility on the Solana blockchain - can't thank them enough for innovating and getting more people involved.

https://github.com/Jac0xb/lighthouse is a project I only recently found out about. In addition to great tools like blowfish.xyz, this will allow wallets and other dAPPs to prevent malicious contracts from being signed by taking a better look at transaction simulations.

Phantom.app (Phantom Wallet) has been a godsend. They care so much about security that I have a hard time promoting any other wallet. I'll go further into it in the last part of this post, but they have a community-maintained blocklist that directly affects what domains get flagged in the in-wallet browser. Amazing and only getting better as time goes on.
---------------------------------------------------------------------------------------------

What I'm up to


If you've made it this far, you've found out that things have changed a lot and seen a few of the great people working on these issues.

I aim to be one of these people, and I'm still learning and trying to contribute information as often as I can. So what am I up to now that a spam honeypot isn't as feasible?

With all the great tools mentioned, I've gotten a great look into what people are tackling and what gaps are still there to work on. Part of this is visualizing the vast amount of info that is out there and being open-sourced by the great players above. Building on my web2 cybersecurity education and career skills, one of the things I've gotten the most inspired about is building a threat intelligence dashboard for Solana.

What is a Threat Intel Dashboard?


First off, threat intelligence is how threats are identified and analyzed. That means the who, what, how, why, where, etc. of the attacker(s). In a Security Operations Center (SOC for short), there might be a dashboard up on a big TV that shows the analysts what the stats are everything they're analyzing and defending against. Below is Mandiant's platform.


What I want to do is aggregate all these sources into a similar dashboard and make it public. That way any project, user, or security professional in this space can use it how they see fit.

There's quite a few different platforms, paid and unpaid that can facilitate this type of dashboard being created. To start, I plan on using Google Sheets - sounds maybe too simple but it's free, self hosted, and is well known to most people.
Below is a pretty robust website management dashboard by content creator Ben Collins.


More advanced and security specific platforms I could expand into using are Splunk and OpenCTI - effectively just dashboards that have different options for ingesting and visualizing the data.

Since most of these platforms are meant to be used on a corporate network to identify threats specific to that company, I don't have much use for the extra features. That could change, but my main focus right now is phishing, so I just need a free dashboard that I can display those threats on.

Sources I'm interested in are: cNFT spam, twitter ads and bot replies, discord spam, and phantom's blocklist (which I've been actively contributing to on their github: https://github.com/phantom/blocklist#readme)

After all, according to intelligence feed OpenPhish, 4.5% of all phishing domains tracked are related to crypto or related wallet services! https://openphish.com/phishing_activity.html

I'm hoping to have a working prototype of this dashboard in time for some of the great Solana hackathons coming up (Bonkathon by Radiants DAO has a public goods track I'm loving the looks of! - https://twitter.com/RadiantsDAO/status/1745135222172319907)

You can stay up to date with me right here on Bulb, or for more frequent updates Twitter

Peace ✌️
-flytrap 🌱







Write & Read to Earn with BULB

Learn More
Enjoy this blog? Subscribe to SpamEater

0 Comments

B
No comments yet.
Most relevant comments are displayed, so some may have been filtered out.