Thousands of digital wallets on the Solana blockchain were drained of funds by a “malicious actor” last night. Over $5.2 million in crypto assets were lost in the attack, but Solana is blaming external software, stating that it’s not an issue with its own blockchain.
Cybersecurity experts have surmised that the cause may be a vulnerability in the wallet software, not the Solana blockchain itself, which will at least be a relief for some. The latest update from Solana, posted this morning, says: “This does not appear to be a bug with Solana core code, but in software used by several software wallets popular among users of the network.”
The attack drained over 8,000 wallets, though that number could rise as more users report compromised wallets. The affected wallets include but are not limited to Solflare, Trust Wallet, Phantom, and Slope.
Phantom took to Twitter to say that it, too, is working with Solana, though it says that at “this time, the team does not believe this is a Phantom-specific issue.”
Solflare has posted some security updates and said, “we are following the situation closely, and we feel the pain in the community,” and accompanied it with a sad face emoji.
An exploit allowed a malicious actor to drain funds from a number of wallets on Solana. As of 5am UTC approximately 7,767 wallets have been affected. The exploit has affected several wallets, including Slope and Phantom. This appears to have affected both mobile and extension. (August 3, 2022)
The root cause of the exploit is still being looked into, but OtterSec, a blockchain auditor, said on Twitter that the transactions were “signed by the actual owners, suggesting some sort of private key compromise.” They also claim that some users on the Ethereum blockchain might be affected, though this is not as prevalent as on Solana.
Elliptic, a blockchain analysis firm, says the assets stolen were “SOL, a small number of non-fungible tokens (NFTs) and over 300 Solana-based tokens.”
Solana also strongly encourages people to use hardware wallets (or cold wallets), since there is no evidence that the exploit has affected them, and to move their funds to a centralized platform. If your wallet was drained, consider it compromised and do not continue using it. It’s also good practice to keep your funds in a cold wallet and to hold only small amounts in wallet software (or hot wallets) for making transactions.
Solana is asking victims to complete a survey to help its engineers investigate exactly what happened.