Photo Credit: Unsplash/ Amjith S
Marking one of this year's largest DeFi attacks so far, around 8,000 crypto wallets on the Solana network have been drained out of around $8 million (roughly Rs. 63 crore) so far. The hack has only impacted ‘hot wallets', that are always connected to the Internet. Most of the attacked wallets had been dormant for around six months. Not just SOL tokens, but Solana Program Library (SPL) tokens, assets that live on Solana's network, are also at risk as the attack is still being considered as ‘underway'.
The Solana-based wallet providers known to have been struck by this attack include Slope, Phantom, and TrustWallet.
As Solana developers addressed the issue on social media, they advised the community members to switch from hot wallets to cold or hardware wallets as a preventative measure.
There's no evidence hardware wallets have been impacted – and users are strongly encouraged to use hardware wallets.
— Solana Status (@SolanaStatus) August 3, 2022
Do not reuse your seed phrase on a hardware wallet - create a new seed phrase.
Wallets drained should be treated as compromised, and abandoned.
In fresh tweets, Solana developers have said that Slope wallet app could have been the start-point for this attack.
After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. 1/2
— Solana Status (@SolanaStatus) August 3, 2022
This does not appear to be a bug with Solana core code, but in software used by several software wallets popular among users of the network.
— Solana Status (@SolanaStatus) August 3, 2022
Updates will be posted to https://t.co/ivyoIbdCDP as they become available. 2/2
All the concerned wallet providers are internally investigating the reason of the exploit and Phantom has already declined any flaw from its end, TechCrunch reported.
As per Avalanche blockchain founder Emin Gün Sirer, the transactions caused by the hack were all properly signed, indicating towards a potential ‘supply chain attack' where the users' private keys are stolen.
One possible route is a "supply chain attack" where a JS library is hacked, and it exfiltrates (steals) users' private keys. Affected wallets seem to have been created in the last ~9 months, but there are reports of freshly created wallets also being affected.
— Emin Gün Sirer:small_red_triangle: (@el33th4xor) August 3, 2022
The attack on Solana wallets is still being considered underway for now. Investigation has been launched to probe the cause.
The incident comes just a couple of days after Nomad, a cross-chain bridge lost $200 million (roughly Rs. 1,570 crore) in a massive exploit.
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.