The Solana blockchain has become the target of a new hack in the cryptosphere, with users reporting withdrawals from internet-connected hot wallets.
An exploit allowed a malicious actor to drain funds from a number of wallets on Solana. As of 5am UTC approximately 7,767 wallets have been affected.
The exploit has affected several wallets, including Slope and Phantom. This appears to have affected both mobile and extension.
— Solana Status (@SolanaStatus) August 3, 2022
As of Wednesday morning, an unknown attacker has stolen funds from 7,767 wallets on the Solana network, according to Solana’s Twitter account. A crypto tracker from blockchain security company SlowMist found that more than 8,000 wallets had been emptied. According to preliminary estimates, the losses amount to about $8 million.
#PeckShieldAlert The widespread hack on Solana wallets is likely due to the supply chain issue exploited to steal/uncover user private keys behind affected wallets. So far, the loss is estimated to be $8M, excluding one illiquid shitcoin (only has 30 holders & maybe misvalued $570M) pic.twitter.com/aTGNsTc6d8
— PeckShieldAlert (@PeckShieldAlert) August 3, 2022
The attack only affected “hot” wallets, that is, wallets that are always connected to the internet, which makes it easy for people to store and send tokens. It doesn’t seem to be limited to Solana. Justin Barlow, an investor in Solana Ventures, revealed that his USDC balance has also been drained. Cryptocurrency analyst @0xfoobar confirmed that “the attacker is stealing both native tokens (SOL) and SPL tokens (USDC)… affecting wallets that have been inactive for less than 6 months.”
So far more than 8000 wallets and ~$580M were stolen by the following 4 addresses.
Htp9MGP8Tig923ZFY7Qf2zzbMUmYneFRAhSp7vSg4wxV
CEzN7mqP9xoxn2HdyW6fjEJ73t7qaX9Rp2zyS6hb3iEu
5WwBYgQG6BdErM2nNNyUmQXfcUnB68b6kesxBywh1J3n
GeEccGJ9BEzVbVor1njkBCCiqXJbXVeDHaXDCrBDbmuy
pic.twitter.com/N7wJlCOi8p
— MistTrack (@MistTrack_io) August 3, 2022
The attack compromised wallets including Phantom, Slope, Solflare and TrustWallet. Drained wallets should be treated as compromised and abandoned, Solana recommends, encouraging users to switch to hardware or cold wallets.
Phantom said it is actively collaborating with other teams “to understand the discovered vulnerability in the Solana ecosystem.” However, “the team does not believe this is a Phantom-related issue.” Slope also said they are actively working to resolve the issue. The Solana team wrote on Twitter that they are “working with several security researchers and ecosystem teams to determine the root cause of the exploit, which is currently unknown.”
Avalanche blockchain founder Emin Gun Sirer indicated that the transactions were properly signed. This means that users’ private keys could have been stolen. @0xfoobar added that “probably something caused the private key to be massively compromised” and warned that revoking the wallet’s permission probably won’t help.
Source: TechCrunch