Solana, an increasingly popular blockchain known for its speedy transactions, has become the target of the crypto sphere’s latest hack after users reported that funds have been drained from internet-connected “hot” wallets.
An unknown actor drained funds from 7,767 wallets on the Solana network as of 5am UTC on Wednesday, Solana’s Status Twitter account said. However, blockchain security firm SlowMist’s crypto tracker identified that more than 8,000 wallets had been drained. It’s estimated the loss so far is around $8 million.
The attack – which has affected only “hot” wallets, or wallets that are always connected to the internet, allowing people to store and send tokens easily – does not appear to be limited to Solana. Justin Barlow, an investor at Solana Ventures, reported that his USDC balance was drained as well. Crypto analyst @0xfoobar confirmed that “the attacker is stealing both native tokens (SOL) and SPL tokens (USDC)… affecting wallets that have been inactive for less than 6 months.”
The attack has compromised other wallets including Phantom, Slope, Solflare, and TrustWallet. Wallets drained should be treated as compromised and abandoned, Solana warned as it encouraged users to switch to hardware or “cold” wallets.
Phantom, a fast-growing Solana-based wallet that hit $1.2 billion in valuation in January, said it’s “working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem.”
“At this time, the team does not believe this is a Phantom-specific issue,” the wallet developer said.
Slope added that it is “actively working to sort out the issue as rapidly as possible and rectify best we can”, while non-fungible token (NFT) marketplace Magic Eden called on users to revoke permissions for any suspicious links in their Phantom wallets.
The cause of the attack remains unclear, but industry leaders including Emin Gün Sirer, founder of another popular blockchain Avalanche, pointed out that the transactions were properly signed, which means the vulnerability could be a “supply chain attack” that manages to steal users’ private keys. @0xfoobar added that “it’s likely something has caused widespread private key compromise”, and warned that revoking wallet approvals will probably not help.
Solana spokesperson Chris Kraeuter declined to answer our questions but referred us to Solana’s Status Twitter account, which states that the company’s engineers “are currently working with multiple security researchers and ecosystem teams to identify the root cause of the exploit, which is unknown at this time.”
The Solana attack comes just hours after malicious actors abused a “chaotic” security exploit to steal almost $200 million in digital assets from cross-chain messaging protocol Nomad. The “free-for-all” attack, which saw more than 41 addresses drain $152 million – 80% of the stolen funds – was made possible by a recent update to one of Nomad’s smart contracts that made it easy for users to spoof transactions.
This is a developing story.