Users claim that cash from well-known internet-connected "hot" wallets like Phantom, Slope, and TrustWallet has been siphoned off without their knowledge, making the Solana ecosystem the target of cryptocurrency's most recent hack.
According to blockchain auditors OtterSec, the attack is still underway, and over 8,000 wallets have been hacked thus far. A number of Solana addresses have been connected to the attack (1, 2, 3, 4), and those wallets amassed SOL, SPL, and other Solana-based tokens worth at least $5 million from unwary users.
The precise reason for Tuesday's attack, which appeared to primarily affect users of mobile wallets, remained unknown late into Tuesday night. A trusted third-party service may have been hacked in a so-called supply chain attack if the attacker managed to sign (i.e., start and approve) transactions on behalf of users.
The hack will unavoidably revive a long-running discussion about the safety of hot wallets, which are used by users to send, store, and receive cryptocurrency and are always online. Cold wallets are hailed as a more secure, albeit less practical, option. These USB devices must be plugged into a computer to sign transactions.
“We are evaluating the incident impacting Solana wallets and are working closely with other teams in the ecosystem to get to the bottom of this. We will issue an update once we gather more information,” a representative of Phantom, the largest Solana hot wallet, told CoinDesk in a statement. “The team doesn't believe this is a Phantom-specific issue at this time.”
Some users initially suspected the hack could be related to transactions on Magic Eden’s Solana-based non-fungible token (NFT) marketplace, though this link became less clear as the attack wore on. Magic Eden did not respond to CoinDesk’s request for comment but tweeted a warning for users to revoke permissions from its wallet to avoid being attacked. It also suggested users "[m]ove everything to a cold wallet/ledger."
Twitter continues to be flooded with reports of Solana users noticing that tokens have suddenly been drained from their accounts.
“I was getting my sunglasses refit when I got a push notification from my mobile wallet that I had sent all the SOL from my wallet,” Solana community member @gostak_gm told CoinDesk. “It was my main hot wallet, so I had it connected to lots of different mobile and web extension wallet providers as well as a lot of dapps. Not clear to me what could have been the root cause. Glad to have most of my funds on a cold wallet.”
It is unclear at this point whether the vulnerability is limited only to the Solana blockchain. A TrustWallet and Slope wallet user reported losing USDC on both Solana and Ethereum.
Solana – the fifth-largest blockchain by total value locked (TVL) according to DefiLlama – has grown in popularity over the past year owing to its quick transactions and low fees. Its native token, SOL, dropped 4% in the hours following the attack.
Your post was upvoted and resteemed on @crypto.defrag
Thanks <3