On Wednesday, a multi-million dollar hack on the Solana network occurred as shocked customers discovered that their wallets had been emptied entirely.
In a successful smash-and-grab raid on user wallets, the hacker stole about $6 million.
While the precise attack method is not yet known, discussion about the root cause is growing.
Users claim that their money was syphoned without their knowledge from well-known hot wallets like Phantom, Slope, and TrustWallet, thus making the Solana ecosystem the target of cryptocurrency’s most recent hack.
According to blockchain auditors OtterSec, the attack is still underway, and over 8,000 wallets have been hacked thus far. Several Solana addresses have been connected to the hack, and those wallets amassed SOL, SPL, and other Solana-based tokens worth at least $5 million from unwary users.
The precise reason for Tuesday’s attack, which appeared to affect users of mobile wallets primarily, remains unknown.
A trusted third-party service may have been penetrated in a so-called supply chain attack, as the attacker managed to sign in, start and approve transactions on behalf of users.
The hack will unavoidably revive a long-running discussion about the safety of hot wallets, which are used by users to send, store, and receive cryptocurrency and are always online. Cold wallets are hailed as a more secure, albeit less practical, option. These USB devices must be plugged into a computer to sign transactions.
Probable reasons for the hack
One of the first people to tweet about the exploit was @SolportTom, a contributor to the Solana ecosystem.
“There wasn’t any mint that happened at the time of the drain,” said Tom, one of the Solana ecosystem’s contributors. “The transactions look like normal transfers, not transfers from a contract. This is ecosystem-wide, people speculating that it has to do with a gambling service.”
While several users immediately made the connection between the attack and Phantom wallet, the business instantly refuted these claims.
“At this time, the team does not believe this is a Phantom-specific issue.”
A different crypto engineer, @0xfoobar, offered his own explanation for the attack’s origin, connecting it to a widespread private key compromise.
Foobar believes that both the Phantom and Slope wallets are impacted, lending some credence to Phantom’s statement.
Several users first believed the hack might be connected to transactions on Magic Eden’s Solana-based non-fungible token (NFT) marketplace, although this connection became less obvious as the attack progressed. In order to prevent attacks, Magic Eden tweeted a warning urging users to deactivate permissions from its wallet. It also recommended that users “move everything to a cold wallet and ledger.”
Keeping safe on Solana
In the absence of a definitive explanation for the attack, users of these Solana wallets have been encouraged to deactivate access to everything and send all of their money to a hardware wallet.
Sending all funds to a centralised custodial exchange is a suitable temporary fix for individuals without a hardware wallet.