On the morning of August 3, the crypto community on Twitter was passing many reports that the Solana network had a significant security hole. It has been discovered that many crypto wallet funds have been massively withdrawn without the owners’ knowledge, with a value of up to several million USD.
Thousands of users took to Twitter to report their SOL being stolen from connected hot wallets such as Phantom, Slope, and Trust Wallet. With the attack still ongoing, details remain sketchy. However, over 8000 wallets have been compromised, according to data sourced from blockchain auditors OtterSec.
Several Solana addresses have been linked to the ongoing attack, with the wallets in question amassing millions of SOL, SPL, and other Solana-based tokens drained from unsuspecting wallets. According to the data obtained, over 8,000 Solana wallets were reported by SlowMist with $580 million stolen; this number shows no sign of stopping.
Solana’s team is still meeting to find out the cause, but no specific conclusions have been announced.
Cause of Attack Details Remain Sketchy
The exact cause of the attack remains unknown at present. However, community members are scrambling to trace the source of the attack. However, what is clear is that the attack seems to have impacted mobile wallet users the most, with the attacker somehow managing to sign transactions on behalf of users and wallet owners. This suggests that there could be a third-party service that could have been compromised in a supply-chain attack.
The private-key exploit resulted in the hacker stealing native SOL and SPL tokens from hot wallets, most of which had been inactive for more than six months, with Phantom and Slope wallet users being hit the hardest.
https://twitter.com/0xfoobar/status/1554627762807349249?s=20&t=R4UDfweZ2aOaDoCkwNJZ4A
Twitter user foobar shed some light on the methodology used by the attackers, stating that while the cause of the exploit was unknown, it could be the result of an upstream dependency supply chain attack. He also stated that revoking prior approvals would not help ensure the security of the funds, adding that the only viable option was moving funds to an offline wallet.
However, suppose a hardware wallet is not an option. In that case, users can also shift their assets to a reliable centralized exchange for the time being.
Solana Community Reacts
While the concerned parties are looking into the exploit, worried users reached out to wallet providers for an update and clarity on the source of the attack. Phantom provided users an update on Twitter, stating that it was working to determine the cause of the attack.
Other community members speculated that the exploit could be related to Magic Eden’s Solana-based NFT marketplace. However, this link remained doubtful as the attack continued. So far, Magic Eden has not commented on the situation but tweeted a warning, advising users to revoke permissions from the wallet and move assets to a cold wallet.
