PANews reported on December 3rd that SlowMist disclosed on its official WeChat account that it recently received a request for help from a user who claimed to have been targeted by a phishing attack. The user discovered abnormal authorization records in their Solana wallet, attempted to revoke the authorization but was unable to do so, and provided the affected wallet address. On-chain analysis revealed that the user's account owner privileges had been transferred to an address starting with "GKJBEL". Furthermore, the user had already lost assets worth over $3 million USD, and another $2 million USD worth of assets were held in DeFi protocols and could not be transferred (this $2 million USD worth of assets has now been successfully recovered with the assistance of the relevant DeFi platforms).

The victim attempted to transfer funds from the account to their own address to verify authorization, but all transactions failed. This situation is highly similar to the "malicious multi-signature" attacks that frequently occur in the TRON ecosystem. In other words, this attack is not a traditional "authorization theft," but rather the attacker replaced the core permissions (Owner permissions), rendering the victim powerless even if they wanted to transfer funds, revoke authorization, or operate DeFi assets. The funds are "visible," but no longer under their control.