Hackers ravaged more than 8,000 Solana crypto wallets — about $8 million was stolen
The Solana blockchain has become the target of a new hack in the cryptosphere, with users reporting withdrawals from online ‘hot’ wallets.
An exploit allowed a malicious actor to drain funds from a number of wallets on Solana. As of 5am UTC approximately 7,767 wallets have been affected.
The exploit has affected several wallets, including Slope and Phantom. This appears to have affected both mobile and extension.
— Solana Status (@SolanaStatus) August 3, 2022
As of Wednesday morning, an unknown attacker stole funds from 7,767 wallets on the Solana network, according to the Solana Twitter account. Blockchain security company SlowMist’s crypto tracker has found that more than 8,000 wallets have been emptied. According to preliminary estimates, the losses amount to about $8 million.
#PeckShieldAlert The widespread hack on Solana wallets is likely due to the supply chain issue exploited to steal/uncover user private keys behind affects wallets. So far, the loss is estimated to be $8M, excluding one illiquid shitcoin (only has 30 holds & maybe misvalued $570M)
— PeckShieldAlert (@PeckShieldAlert) August 3, 2022
The attack only affected ‘hot’ wallets, that is, wallets that are always connected to the Internet so that people can easily store and send tokens. The theft does not appear to be limited to Solana’s native SOL token: Justin Barlow, an investor at Solana Ventures, reported that his USDC balance was also zeroed. Cryptocurrency analyst @0xfoobar confirmed that “the attacker is stealing both native tokens (SOL) and SPL tokens (USDC)…covering wallets that have been inactive for less than 6 months”.
So far more than 8000 wallets and ~$580M were stolen by the following 4 addresses.
Htp9MGP8Tig923ZFY7Qf2zzbMUmYneFRAhSp7vSg4wxV
CEzN7mqP9xoxn2HdyW6fjEJ73t7qaX9Rp2zyS6hb3iEu
5WwBYgQG6BdErM2nNNyUmQXfcUnB68b6kesxBywh1J3n
GeEccGJ9BEzVbVor1njkBCCiqXJbXVeDHaXDCrBDbmuy
— MistTrack🕵️ (@MistTrack_io) August 3, 2022
The attack compromised wallets from several providers, including Phantom, Slope, Solflare and TrustWallet. Solana advises treating emptied wallets as compromised and abandoning them, and urges users to switch to hardware or cold wallets.
Phantom said they are actively working with other teams ‘to address the identified vulnerability in the Solana ecosystem.’ That being said, ‘the team does not believe this is a Phantom-related issue.’ Slope also said they are actively working to resolve the issue. The Solana team tweeted that they are ‘working with several security researchers and ecosystem teams to determine the root cause of the exploit, which is currently unknown.’
Avalanche blockchain founder Emin Gun Sirer noted that the transactions were properly signed. This means that users’ private keys may have been stolen. @0xfoobar added that ‘it’s likely that something caused the massive compromise of the private key’ and warned that revoking the wallet’s permission probably won’t help.