What Happened to Solana?
More than $6 million was stolen from more than 5000 Solana wallets late Tuesday night, according to a tweet from Solana auditor OtterSec. The tweet is supported by other accounts on Twitter that claimed their holdings were wiped in a matter of minutes.
The Solana auditor revealed that the transactions were in fact authorized by the owners of the wallets, suggesting a private key breach on a massive scale.
ETH users may also be impacted by the attack. It is uncertain whether the attack is limited to the Solana blockchain. A TrustWallet and Slope wallet user reported losing USDC on both Solana and Ethereum.
What Caused the Solana Attack?
The exact cause of the Solana attack is as yet unknown, but Magic Eden, Solana's leading NFT marketplace, urged all Solana users to “revoke permissions for any suspicious links” as well as for all apps if necessary.
Reports indicate that all internet-connected hot wallets on Solana, such as Phantom and Slope, have been affected. The attack seems to mostly target wallets that have not been used in more than six months, and all Phantom wallets have been compromised.
Phantom tweeted, “We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem. At this time, the team does not believe this is a Phantom-specific issue.”
How Do I Protect Myself from this Attack?
Users are advised to move their funds to a cold wallet such as a Ledger or Trezor hardware wallet, and to ensure that the wallet has no previously approved authorizations to spend funds and was created offline following best security practices.
For users without a hardware wallet, sending funds to a major crypto exchange is a viable temporary solution.
In a community warning, web3 gaming company Star Atlas also urged users to revoke permissions for all of the apps in their wallets and shift money to cold storage while the Solana exploit is underway.
Is the Attack Still Ongoing?
It’s unknown at this point whether the breach is still active, where it came from, and whether any further user funds are still in danger. Blockchain fraud investigator @zachxbt revealed that the attackers funded the main wallet connected to this operation via Binance seven months ago.
The transaction history reveals that the wallet was inactive until today, when the hackers made transactions with four separate wallets ten minutes before the incident occurred.
Frequently Asked Questions (FAQ)
The current best strategy is to move funds into a cold wallet, such as a Ledger hardware wallet. Make sure that the wallet has no previously approved authorizations to spend funds and was created offline following best security practices.
If you don’t have a hardware wallet, moving funds to a major crypto exchange is also a viable option as of now.
Multiple wallets (Phantom, Slope, Solflare, TrustWallet) across a wide variety of platforms have been compromised. It is advised to move your funds to a hardware wallet or a major crypto exchange for security purposes.
Investigators identified the following four wallets as the attackers' addresses:
CEzN7mqP9xoxn2HdyW6fjEJ73t7qaX9Rp2zyS6hb3iEu
Htp9MGP8Tig923ZFY7Qf2zzbMUmYneFRAhSp7vSg4wxV
5WwBYgQG6BdErM2nNNyUmQXfcUnB68b6kesxBywh1J3n
GeEccGJ9BEzVbVor1njkBCCiqXJbXVeDHaXDCrBDbmuy
The widespread Solana wallet hack certainly impacts the market sentiment toward Solana, and many investors have expressed doubt about the project’s future. As of now, the attack has prompted an 8% drop in Solana’s price in the two hours following the first reports of the attack.