- A massive hack on the Solana network has seen more than 8,000 wallets drained of funds
- The hot wallets, principally Phantom and Slope, had SOL, USDC and other coins stolen
- The value of the hack is thought to be around $4.5 million
An attack on the Solana ecosystem has seen thousands of Solana hot wallets compromised and their funds taken. At this stage, the cause of the hack remains unknown but the damage is vast, with over 8,000 wallets affected and millions of dollars in coins taken. Those with a Solana hot wallet, such as Phantom and Slope, which have been targeted, are being advised to remove their funds to a hardware wallet or reputable exchange.
8,000+ Wallets Hit
Solana NFT exchange Magic Eden was among the first big players to acknowledge the hack, offering advice to Phantom wallet users on how to protect themselves:
🚨🚨🚨There seems to be a widespread SOL exploit at play that’s draining wallets throughout the ecosystem
Here’s what you can do right now to best protect yourself
1. Go to >Settings on your @phantom wallet
2. >Trusted Apps
3. >Revoke Permissions for any suspicious links💜
— Magic Ethen 🪄 (@MagicEden) August 3, 2022
Crypto compliance outfit Slowmist reported that more than 8,000 wallets had been impacted, with around $580 million worth of SOL and USDC (through SLP tokens)being stolen. However, it was soon realised that the vast majority of this was almost the entire supply of a defunct shitcoin called Exist, bringing the value to around $4.5 million again.
Attack Method As Yet Unknown
Slowmist identified four addresses that were receiving the funds, with SOL and USDC being the principle coins stolen. Binance CEO Changpeng Zhao tweeted that the root cause was still unknown as of early this morning, but advised holders to send their funds to a cold wallet or, unsurprisingly, to Binance.
It didn’t take long for holders to flood Twitter with stories of loss:
anyone please help me😢, this money is for my live in 2 months, i don’t know what to do. I’ve been college rn, i don’t know what should i do, everyone please help me out😠pic.twitter.com/cuwyFGgu5i
— afifsyaifullah.sol (@AfifSyaifulla13) August 3, 2022
Thank you sol for letting my money goes away @MagicEden pic.twitter.com/zpOlDgyJNI
— reda (@redadev7) August 3, 2022
While no concrete method has yet been identified as to how the hackers managed such a widespread attack, computer scientist Emin Gün Sirer put forward a theory of a “supply chain attack” where a library within the code is hacked and the keys exfiltrated, a hack that compromised IOTA in 2020 and kept the blockchain offline for more than a month.
No doubt more will emerge from this story in the coming days and weeks, and we’ll keep you up to date with all the latest developments.
