Solana Shutdown: ecosystem compromised with millions of dollars drained
The hack marathon continues with the Solana blockchain being the latest victim. Solana went through a four-hour crash because of a blockchain processing transaction bug. Approximately 8,000 web-connected hot wallets were compromised and drained with an estimated loss of $8m. The source of the hack remains unknown.
As tweeted by Solana's Status account at 5am UTC on Wednesday, “An exploit allowed a malicious actor to drain funds from a number of wallets on Solana. As of 5am UTC approximately 7,767 wallets have been affected. The exploit has affected several wallets, including Slope and Phantom. This appears to have affected both mobile and extension.” Wallets affected by the hack include Phantom, Slope, Solflare, and TrustWallet.
According to PeckShieldAlert, a service that detects real-time scam tokens and phishing sites, the total loss of the hack amounts to $8 million.
Source: Twitter
The attack affected “hot” wallets and as noted by Solana Ventures investor Justin Barlow, Solana-linked wallets were not the only ones drained - USDC balances were drained too. This claim was also confirmed on Twitter by analyst @0xfoobar:
Source: Twitter
The Solana-based wallet provider Phantom stated via its official Twitter account that they are investigating the case and that, “the team does not believe this is a Phantom-specific issue.”
Source: Twitter
Slope also claimed that they are working with Solana Labs to get to the bottom of the hack.
Source: Twitter
Binance CEO also commented on the SOL exploit, suggesting users “send funds to a cold wallet”.
Supposedly those impacted by the attack were users of mobile wallets. The hacker managed to initiate and approve transactions in place of other users while compromising a third-party service.
This unfortunate case will raise further discussions about the security and safety of hot wallets that operate when connected to the internet. Undoubtedly cold wallets, which are USB drives that require holders to plug them into the computer in order to proceed with transactions, are not as convenient, yet are more secure.
Source: Twitter
In the meantime, we will be watching the investigation unfold.
Earlier we wrote that Immunefi conducted research and reported that crypto-related hacker attacks amounted to over $670 million in the second quarter of 2022.