On the morning of August 3, reports spread through the crypto community on Twitter that the Solana network had a significant security hole. Funds had been withdrawn en masse from many crypto wallets without the owners’ knowledge, with a value of up to several million USD.
Thousands of users took to Twitter to report their SOL being stolen from connected hot wallets such as Phantom, Slope, and Trust Wallet. With the attack still ongoing, details remain sketchy. However, over 8000 wallets have been compromised, according to data sourced from blockchain auditors OtterSec.
Several Solana addresses have been linked to the ongoing attack, with the wallets in question amassing millions of SOL, SPL, and other Solana-based tokens drained from unsuspecting wallets. SlowMist reported over 8,000 affected Solana wallets with $580 million stolen, and the number shows no sign of stopping.
The more than 8,000 Solana wallets reported by SlowMist with a stolen $580 million include one illiquid Shitcoins, which were shown to be worth 570 million on Solscan. Therefore, the real stolen amount is temporarily less than 10m. https://t.co/b3UdpAoGKO
— Wu Blockchain (@WuBlockchain) August 3, 2022
Solana’s team is still meeting to find out the cause, but no specific conclusions have been announced.
Cause of Attack Details Remain Sketchy
The exact cause of the attack remains unknown at present, and community members are scrambling to trace its source. What is clear is that the attack seems to have impacted mobile wallet users the most, with the attacker somehow managing to sign transactions on behalf of users and wallet owners. This suggests that a third-party service could have been compromised in a supply-chain attack.
The private-key exploit resulted in the hacker stealing native SOL and SPL tokens from hot wallets, most of which had been inactive for more than six months, with Phantom and Slope wallet users being hit the hardest.
🚨 Widespread Solana private key compromise 🚨
– attacker is stealing both native tokens (SOL) and SPL tokens (USDC)
– affecting wallets that have been inactive for >6 months
– both Phantom & Slope wallets reportedly drained pic.twitter.com/AkZXOGLD0Q
— foobar (@0xfoobar) August 3, 2022
Twitter user foobar shed some light on the methodology used by the attackers, stating that while the cause of the exploit was unknown, it could be the result of an upstream dependency supply chain attack. He also stated that revoking prior approvals would not help ensure the security of the funds, adding that the only viable option was moving funds to an offline wallet.
If a hardware wallet is not an option, users can instead shift their assets to a reliable centralized exchange for the time being.
Solana Community Reacts
While the concerned parties are looking into the exploit, worried users reached out to wallet providers for an update and clarity on the source of the attack. Phantom provided users an update on Twitter, stating that it was working to determine the cause of the attack.
We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem. At this time, the team does not believe this is a Phantom-specific issue.
As soon as we gather more information, we will issue an update.
— Phantom (@phantom) August 3, 2022
Other community members speculated that the exploit could be related to Magic Eden’s Solana-based NFT marketplace. However, this link remained doubtful as the attack continued. So far, Magic Eden has not commented on the situation but tweeted a warning, advising users to revoke permissions from the wallet and move assets to a cold wallet.
🚨🚨🚨There seems to be a widespread SOL exploit at play that's draining wallets throughout the ecosystem
Here's what you can do right now to best protect yourself
1. Go to >Settings on your @phantom wallet
2. >Trusted Apps
3. >Revoke Permissions for any suspicious links
— Magic Eden 🪄 (@MagicEden) August 3, 2022