Login
Login
BlueMagic-Methylene-Blue-AD

Latest Blog Posts

READ ALL BLOGS

Newest Airdrop Guides

SANDchain Airdrop Guide - TokenHunters

SANDchain Airdrop Guide

Tokenhunters 16 October 2025

SANDchain is a new, zk-powered blockchain network designed to provide financial infrastructure for the global creator economy, particularly within The Sandbox ecosystem.

Read More »
BROWSE ALL AIRDROPS
Trove Markets - Solana Scam - Bit-flip Attack

Trove Markets on Solana — A Dangerous Scam Targeting NFT Traders

16 October 2025 (updated 16 October 2025) Published by

At TokenHunters, our mission is simple, to help the Web3 community discover legitimate projects, earn airdrops safely, and avoid scams.

Every project listed on our platform goes through a strict vetting process, ensuring that users interact only with trustworthy ecosystems.

Today, we want to issue an urgent warning about a malicious platform called Trove Markets operating on the Solana blockchain.

⚠️ What Is Trove Markets?

Trove Markets presents itself as a “collectible perpetual protocol” built on Solana, claiming to allow users to trade NFTs with leverage and fractionalized collectibles.
It distinguishes itself from similarly named projects like Arbitrove Protocol on Ethereum, claiming to take advantage of Solana’s speed and low fees.

At first glance, Trove Markets appears legitimate, interesting video promo, the platform is being promoted by verified accounts, influencers, and airdrop hunters across X (Twitter). This widespread promotion looks like a paid campaign, which is already a red flag in our vetting process.

But things got much worse when we tested it ourselves.

TroveMarketsonX

TokenHunters Vetting Test

As part of our routine due diligence, we connected a test wallet to Trove Markets’ dApp to observe how it interacts with Solana wallets such as Phantom.

At first, everything looked normal:

  • A standard Phantom pop-up appeared asking for a “Sign in” transaction.

  • The transaction showed no immediate suspicious data.

However, once we signed the request, the site began loading indefinitely, and Phantom displayed a chilling warning:

“⚠️ This account might be malicious. Do not send funds or deposit into it. Please proceed with caution.”

Schermafbeelding 2025 10 16 193100

We clicked Read More, which led to Phantom’s official warning documentation. Following the steps provided, we checked our wallet address on Solscan.io and confirmed the worst:

Our wallets ownership had been changed.

💀 What Happened — A “Bit-Flip Attack”

Trove Markets beta access waitlist sign-up executes what’s known as a Bit-Flip Attack, a form of ownership hijacking.

In this attack, the malicious site tricks the user into signing a transaction that changes the owner of their wallet account to a malicious program.

Once this happens:

  • The attacker effectively controls the account.

  • They can withdraw any tokens that enter it afterward.

  • The user still sees their funds in Phantom, but cannot move, trade, or sell them.

How to Check if You’ve Been Compromised

You can verify your wallet’s status by inspecting the Owner field on Solscan.io:

  1. Go to solscan.io.

  2. Enter your wallet address in the search bar.

  3. In the “More Info” section, locate the Owner field.

If the owner is not the “System Program”, your account has likely been compromised.

What “Owner” Means

Every Solana account has an “Owner,” usually a Solana program that governs what it can do.
By default:

  • Wallet accounts are owned by the System Program, which allows transfers and account management.

  • If the owner changes, the new program (or attacker) gains control of that account’s assets.

Once ownership is transferred, you no longer control your wallet, even if Phantom or Solflare still display your balance.

TokenHunters’ Commitment to Safety

At TokenHunters, we take pride in protecting our users through a multi-layered vetting process:

  • We independently test every dApp using dedicated test wallets.

  • We review on-chain interactions, smart contracts, and community reports.

  • We never list projects that fail even one major safety check.

In this case, Trove Markets failed immediately, showing signs of a coordinated scam aimed at stealing wallets under the guise of a new Solana trading protocol.

Fortunately, we used a test wallet, so our primary accounts and user data remained safe. However, this incident underscores how real and sophisticated these attacks have become.

Our Advice to the Community

  • Do NOT connect your wallet to Trove Markets or any site associated with it.

  • Revoke any existing permissions you may have granted via https://solanabeach.io/token-approvals or https://solanart.io.

  • If you suspect compromise:

    • Create a new wallet immediately.

    • Transfer assets to a new address.

    • Avoid interacting with the compromised wallet.

Final Thoughts

This is a must-read warning for the Solana and airdrop communities:

Trove Markets is not a legitimate trading protocol, it’s a wallet-draining scam using advanced ownership attacks to steal from unsuspecting users.

As Web3 evolves, scams are becoming more sophisticated. Stay cautious, use test wallets for new projects, and always verify the ownership and transaction data before signing anything.

STAY SAFE WITH TOKENHUNTERS!

At TokenHunters, we’re committed to protecting the community.
Follow us for:

  • Verified airdrop guides

  • Project safety reports

  • Real-time scam alerts

Share this post to protect others, let’s keep Web3 safe, together.

Comments

No comments yet