Solana, an increasingly popular blockchain known for its fast transactions, has become the target of the crypto-sphere’s latest hack after users reported funds being withdrawn from internet-connected “hot” wallets.
An unknown actor had withdrawn funds from 7,767 wallets on the Solana network as of 5am UTC on Wednesday, Solana’s Status Twitter account said. Blockchain security firm SlowMist’s crypto tracker identified that more than 8,000 wallets were emptied. The loss so far is estimated at around $8 million.
The attack – which only affected “hot” wallets, or wallets that are always connected to the internet and allow people to easily store and send tokens – does not appear to be limited to Solana. Justin Barlow, an investor at Solana Ventures, reported that his USDC balance had also been drained. Crypto analyst @0xfoobar confirmed that “the attacker is stealing both native tokens (SOL) and SPL tokens (USDC)… affecting wallets that have been inactive for less than 6 months.”
The attack has compromised other wallets including Phantom, Slope, Solflare and TrustWallet. Depleted wallets should be treated as compromised and abandoned, Solana warned, as it encouraged users to switch to hardware or “cold” wallets.
Phantom, a fast-growing Solana-based wallet that hit $1.2 billion in January, said it is “working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem.”
“At this time, the team does not believe this is a Phantom-specific issue,” said the wallet developer.
Slope added that it is “actively working to resolve the issue as soon as possible and fix it as best we can,” while non-fungible token (NFT) marketplace Magic Eden urged users to revoke permissions for suspicious links in their Phantom wallets.
The cause of the attack remains unclear, but industry leaders like Emin Gün Sirer, founder of Avalanche, another popular blockchain, pointed out that transactions were properly signed, meaning the vulnerability could be a “supply chain attack” that manages to steal users’ private keys. @0xfoobar added that “it’s likely something led to widespread private key compromise,” warning that revoking wallet permissions probably won’t help.
Solana spokesperson Chris Kraeuter declined to answer our questions, but referred us to Solana’s Status Twitter account, which states that the company’s engineers are “currently working with multiple security researchers and ecosystem teams to determine the currently unknown cause of the… to identify exploits.”
The Solana attack comes just hours after malicious actors took advantage of a “messy” security exploit to steal nearly $200 million in digital assets from cross-chain messaging protocol Nomad. The “free-for-all” attack, which drained $152 million — 80% of the stolen funds — from more than 41 addresses, was made possible by a recent update to a smart contract by Nomad that made it easy for users to fake transactions.
This is an evolving story.
https://techcrunch.com/2022/08/03/solana-wallet-hack/ Thousands of Solana wallets drained in multimillion dollar exploit – TechCrunch