Unknown actors gained access to the funds belonging to Solana-based wallet owners, siphoning off millions of dollars.
An exploit allowed a malicious actor to drain funds from a number of wallets on Solana. As of 5am UTC approximately 7,767 wallets have been affected.
The exploit has affected several wallets, including Slope and Phantom. This appears to have affected both mobile and extension.
— Solana Status (@SolanaStatus) August 3, 2022
Initially, blockchain-auditor OtterSec reported the depletion of more than 5,000 wallets within hours. The transactions were signed by the owners, which, according to researchers, suggests a private-key compromise.
These transactions are being signed by the actual owners, suggesting some sort of private key compromise. pic.twitter.com/UTMq4NWErd
— OtterSec (@osec_io) August 3, 2022
PeckShield specialists preliminarily estimated losses at $8 million.
#PeckShieldAlert The widespread hack on Solana wallets is likely due to the supply chain issue exploited to steal/uncover user private keys behind affects wallets. So far, the loss is estimated to be $8M, excluding one illiquid shitcoin (only has 30 holds & maybe misvalued $570M) pic.twitter.com/aTGNsTc6d8
— PeckShieldAlert (@PeckShieldAlert) August 3, 2022
According to Elliptic, during the attack hackers stole more than $5.2 million in SOL tokens, over 300 Solana-based tokens, and NFTs.
Some reports indicate that wallets that had been inactive for more than six months were hardest hit.
🚨 Widespread Solana private key compromise 🚨
— attacker is stealing both native tokens (SOL) and SPL tokens (USDC)
— affecting wallets that have been inactive for >6 months
— both Phantom & Slope wallets reportedly drained pic.twitter.com/AkZXOGLD0Q— foobar (@0xfoobar) August 3, 2022
The attack affected wallets Trust Wallet, Phantom and Slope. In Solana, users were urged to transfer assets to hardware wallets. Binance chief Changpeng Zhao also advised moving assets to cold wallets or centralized exchanges.
As of writing, the cause of the breach was unknown. Preliminary reports indicate that attackers exploited a vulnerability.
According to CoinGecko, in the wake of the hack, the SOL token fell by 4.6%.
Atlas VPN notes that in the first half of 2022, hackers stole almost $2 billion from crypto projects.
Read ForkLog’s Bitcoin news in our Telegram — cryptocurrency news, prices and analytics.