VERDICT —OUT OF SCOPE
Root cause is a frontend / UI hijack — users authorized the malicious transaction from a compromised site or DNS. On-chain contract was not the failure surface; pre-deployment audit cannot catch this class.
▰ METHOD
FRONTEND
FRONTEND
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
The website frontend of Solana ecosystem real estate trading protocol Parcl has been hacked, extracting tokens from users' Solana wallets and displaying fake transaction results in Phantom. Parcl’s official X account also appears to have been compromised, posting information related to PARCL rewards. Attack method (per SlowMist): Frontend Attack. Reported loss: -.
Primary source
https://www.odaily.news/newsflash/386398 ↗Sourced from
slowmist
Technical record
- chain
- solana
- protocol
- Parcl
- bug_class
- frontend
- date_occurred
- 2024-08-20
- loss_usd
- —
- source_id
- sm:parcl::2024-08-20
Related — same bug class· frontend