The Solana ecosystem appears to be the newest victim of the latest crypto exploit, with users reporting that their funds have been drained without their knowledge from major internet-connected “hot” wallets which includes, Phantom, Slope and TrustWallet.
According to findings, the attack is still ongoing, and over 8,000 wallets have been compromised thus far according to blockchain auditors OtterSec. Several Solana addresses have been linked to the attack, with those wallets amassing at least $5 million worth of SOL, SPL, and other Solana-based tokens from unsuspecting users.
The exact cause of the attack remained unclear throughout Tuesday night, though it appears to have predominantly impacted mobile wallet users. According to speculation so far, the attacker somehow obtained the ability to sign, that is to initiate and approve transactions on the behalf of users, suggesting a trusted third-party service may have been compromised in a so-called supply chain attack.
What you should know
- The attack is set to inevitably reignite a long-running debate around the security of hot wallets, which stay connected to the internet at all times in order to provide users a convenient way to send, store, and receive crypto.
- Cold wallets, which are USB drives that must be plugged into a computer to sign transactions, are heralded as a more secure, albeit less convenient, alternative.
- A representative of Phantom, the largest Solana hot wallet explained, “We are evaluating the incident impacting Solana wallets and are working closely with other teams in the ecosystem to get to the bottom of this. We will issue an update once we gather more information. The team doesn’t believe this is a Phantom-specific issue at this time.”
- Some users also suspect that the hack could be related to transactions on Magic Eden’s Solana-based non-fungible token (NFT) marketplace, though this link became less clear as the attack wore on.
- It is unclear at this point whether the vulnerability is limited only to the Solana blockchain. A TrustWallet and Slope wallet user reported losing USDC on both Solana and Ethereum. Solana, the fifth-largest blockchain by total value locked (TVL) according to DefiLlama, has grown in popularity over the past year owing to its quick transactions and low fees. Its native token, SOL, is down 4.16% as of the time of this writing.
