Back to Blog

Best Crypto Tracking and Investigation Platform for Solana

MetaSleuth
March 26, 2024

We are thrilled to announce the integration of Solana into MetaSleuth, our comprehensive tracking and investigation platform!

As the Solana ecosystem expands, we recognize the need for robust tools to navigate and analyze its blockchain. With Solana now live on MetaSleuth, users can effortlessly explore Solana, track funds and DYOR, and share valuable insights with others.

The Integration of Solana on MetaSleuth

Solana sets itself apart from other blockchains, such as Ethereum, with its innovative approach to data storage and management. Notably, Solana's design of token accounts offers unique advantages. To provide users with clear analysis and insights into token funds on MetaSleuth, we have implemented special design elements:

  • Owner account information for Solana accounts is now included and can be accessed in the address panel.
Figure 1: The address panel
Figure 1: The address panel

  • To maintain clarity and prevent overwhelming users with individual token account details, we have chosen not to display token accounts on the MetaSleuth canvas.

  • Instead, when users input a token account for analysis, we provide a focused approach. For example, when analyzing the account '2bx7rHMpDUthvur8qnUJN9dNUsjKVE9S6tN16B78FoRG,' which is the USDC token account owned by 'Solend main Pool Vault,' we offer a clear view of the USDC fund flow of the vault. This tailored analysis enables a deeper understanding of fund movement within the Solana ecosystem.

Figure 2: The view of the USDC fund flow of the vault
Figure 2: The view of the USDC fund flow of the vault

These optimized designs enhance clarity and provide users with precise analyses of token funds on Solana within the MetaSleuth platform. Try it out for yourself at: https://metasleuth.io/result/solana/2bx7rHMpDUthvur8qnUJN9dNUsjKVE9S6tN16B78FoRG

Case Study : The Slope Wallet Hack Incident

In August 2022, a significant incident occurred where over 8,000 Solana wallets were drained, resulting in losses of approximately $5.2 million. The attacker's profits were distributed across four different accounts:

GeEccGJ9BEzVbVor1njkBCCiqXJbXVeDHaXDCrBDbmuy

5WwBYgQG6BdErM2nNNyUmQXfcUnB68b6kesxBywh1J3n

CEzN7mqP9xoxn2HdyW6fjEJ73t7qaX9Rp2zyS6hb3iEu

Htp9MGP8Tig923ZFY7Qf2zzbMUmYneFRAhSp7vSg4wxV

To initiate the investigation, open a new chart with an empty canvas in the "Saved Charts/Shared Links" panel. Add the four attacker accounts to the canvas, and for each account, click on "Expand Outgoing" to trace the destination of the stolen funds. It appears that the attacker held the funds for several months before initiating transfers and laundering activities from March 2023 onwards.

Figure 3: The chart of expanding fund flow
Figure 3: The chart of expanding fund flow

The account 4JfXWX, the majority of the funds, which were subsequently swapped and transferred further. As of today, a significant amount of funds still remains untransferred in this account.

Figure 4: The funds remains in the account 4JfXWX https://solana.fm/address/4JfXWXd2aenLncrdpJcryX8kZVJUSHyGPnc6HSyhA2Es/transactions

With all USDT tokens having been transferred out of the account, our priority lies in tracking the subsequent transfers of USDT as they may provide crucial clues. Further investigation has uncovered that the funds were sent to Binance. Upon further analysis, it turns out that the attacker leveraged an Instant Cryptocurrency Exchange service that relied on Binance to execute the transfer of funds to another blockchain. For ongoing investigation, you can match corresponding transactions based on the information obtained from the Instant Cryptocurrency Exchange. For more details, refer to this tweet: https://twitter.com/zachxbt/status/1711748033954590900 Figure 5: The subsequent transfers of USDT https://metasleuth.io/result/solana/GeEccGJ9BEzVbVor1njkBCCiqXJbXVeDHaXDCrBDbmuy?source=ff950aab-a7a2-4bd0-a3b0-efb4c60a5a63

Don't hesitate, come and try it out now!

About MetaSleuth

MetaSleuth is a comprehensive platform developed by BlockSec to assist users in effectively tracking and investigating all crypto activities. With MetaSleuth, users can easily track funds, visualize fund flows, monitor real-time fund movements, save important information, and collaborate by sharing their findings with others. Currently, we support 13 different blockchains, including Bitcoin (BTC), Ethereum (ETH), Tron (TRX), Polygon (MATIC), and more.

Website: https://metasleuth.io/

Twitter: @MetaSleuth

Telegram: https://t.me/MetaSleuthTeam

Sign up for the latest updates
The Decentralization Dilemma: Cascading Risk and Emergency Power in the KelpDAO Crisis
Security Insights

The Decentralization Dilemma: Cascading Risk and Emergency Power in the KelpDAO Crisis

This BlockSec deep-dive analyzes the KelpDAO $290M rsETH cross-chain bridge exploit (April 18, 2026), attributed to the Lazarus Group, tracing a causal chain across three layers: how a single-point DVN dependency enabled the attack, how DeFi composability cascaded the damage through Aave V3 lending markets to freeze WETH liquidity exceeding $6.7B across Ethereum, Arbitrum, Base, Mantle, and Linea, and how the crisis forced decentralized governance to exercise centralized emergency powers. The article examines three parameters that shaped the cascade's severity (LTV, pool depth, and cross-chain deployment count) and provides an exclusive technical breakdown of Arbitrum Security Council's forced state transition, an atomic contract upgrade that moved 30,766 ETH without the holder's signature.

Weekly Web3 Security Incident Roundup | Apr 13 – Apr 19, 2026
Security Insights

Weekly Web3 Security Incident Roundup | Apr 13 – Apr 19, 2026

This BlockSec weekly security report covers four attack incidents detected between April 13 and April 19, 2026, across multiple chains such as Ethereum, Unichain, Arbitrum, and NEAR, with total estimated losses of approximately $310M. The highlighted incident is the $290M KelpDAO rsETH bridge exploit, where an attacker poisoned the RPC infrastructure of the sole LayerZero DVN to fabricate a cross-chain message, triggering a cascading WETH freeze across five chains and an Arbitrum Security Council forced state transition that raises questions about the actual trust boundaries of decentralized systems. Other incidents include a $242K MMR proof forgery on Hyperbridge, a $1.5M signed integer abuse on Dango, and an $18.4M circular swap path exploit on Rhea Finance's Burrowland protocol.

Weekly Web3 Security Incident Roundup | Apr 6 – Apr 12, 2026
Security Insights

Weekly Web3 Security Incident Roundup | Apr 6 – Apr 12, 2026

This BlockSec weekly security report covers four DeFi attack incidents detected between April 6 and April 12, 2026, across Linea, BNB Chain, Arbitrum, Optimism, Avalanche, and Base, with total estimated losses of approximately $928.6K. Notable incidents include a $517K approval-related exploit where a user mistakenly approved a permissionless SquidMulticall contract enabling arbitrary external calls, a $193K business logic flaw in the HB token's reward-settlement logic that allowed direct AMM reserve manipulation, a $165.6K exploit in Denaria's perpetual DEX caused by a rounding asymmetry compounded with an unsafe cast, and a $53K access control issue in XBITVault caused by an initialization-dependent check that failed open. The report provides detailed vulnerability analysis and attack transaction breakdowns for each incident.

Go Deeper with MetaSleuth Investigation

Extend your crypto compliance capabilities with Blocksec's MetaSleuth Investigation, the first platform for tracing funds, mapping transaction networks and revealing hidden on-chain relationships.

Move from detection to resolution faster with clear visual insights and evidence-ready workflows across the digital assets ecosystem.

MetaSleuth Investigation