What Happened to Solana?
More than $6 million was stolen from more than 5000 Solana wallets late Tuesday night, according to a tweet from Solana auditor OtterSec. The tweet is supported by other accounts on Twitter that claimed their holdings were wiped in a matter of minutes.
The Solana auditor revealed that the transactions were in fact authorized by the owners of the wallets, suggesting a private key breach on a massive scale.
ETH users may also be impacted by the attack. It is uncertain whether the attack is limited to the Solana blockchain. A TrustWallet and Slope wallet user reported losing USDC on both Solana and Ethereum.
What Caused the Solana Attack?
The exact cause of the Solana attack is as yet unknown, but Magic Eden, the leading NFT marketplace on Solana, urged all Solana users to “revoke permissions for any suspicious links” as well as all apps if necessary.
Reports indicate that all internet-connected hot wallets on Solana such as Phantom and Slope have been affected. Wallets that have not been used in more than six months seem to be mostly targeted, and all Phantom wallets have been compromised.
Phantom tweeted, “We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem. At this time, the team does not believe this is a Phantom-specific issue.”
On the other hand, crypto security firms believe that the exploit was not the result of a vulnerability with the Solana blockchain itself. Instead, they suspect the attack was a result of a mass compromise of users’ private keys by a third party.
Sam Bankman-Fried, founder and CEO of FTX, commented in an interview with Fortune, “this wasn’t a core blockchain problem, likely seems like one app someone built was buggy.”
Slope wallet to blame for the Solana attack?
Solana is still investigating the hack, but so far is suggesting that wallet provider Slope is largely responsible for the security exploit. In a tweet, they state that “…it appears affected addresses were at one point created, imported, or used in Slope wallet applications.”
The Solana team has also found that whilst 60% of the victims were Phantom users, those who were affected did not generate their seed phrase using Phantom. Also, those who were solely Phantom users did not have their wallets drained.
How Do I Protect Myself from this Attack?
Users are advised to move their funds to a cold wallet such as a Ledger or Trezor hardware wallet, and to ensure that the wallet has no previously approved authorizations to spend funds and was created offline following best security practices.
For users without a hardware wallet, sending funds to a major crypto exchange is a viable temporary solution.
In a community warning, web3 gaming company Star Atlas also urged users to withdraw permissions for all of the apps in their wallets and shift money to cold storage while the Solana exploit is underway.
I have been affected by the Solana attack. What should I do?
As ongoing investigations suggest that Slope may be responsible for the recent hack, Solana co-founder Anatoly Yakovenko advised Slope wallet users to regenerate their seed phrase in a different wallet.
Slope has also issued a statement recommending ALL Slope users (not just those affected by the Solana attack) create a new and unique seed phrase wallet and transfer all their assets there. They also reassure users who have been using hardware wallets that their keys have not been compromised.
Is the Attack Still Ongoing?
It’s unknown at this point whether the breach is still active, where it came from, and whether any further user funds are still in danger. Blockchain fraud investigator @zachxbt revealed that the attackers funded the main wallet connected to this operation via Binance seven months ago.
The transaction history reveals that the wallet was inactive until today, at which point the hackers made transactions with four separate wallets ten minutes before the incident occurred.
Frequently Asked Questions (FAQ)
The current best strategy is to move funds into a cold wallet, such as a Ledger hardware wallet. Make sure that the wallet has no previously approved authorizations to spend funds and was created offline following best security practices.
If you don’t have a hardware wallet, moving funds to a major crypto exchange is also a viable option now. However, it is recommended that users should get a hardware wallet and transfer their funds there as soon as possible.
Multiple wallets – Phantom, Slope, Solflare, TrustWallet – across a wide variety of platforms are compromised. It is advised to move your funds to a hardware wallet or major crypto exchange for security purposes.
Investigators identified the following four wallets as the addresses of the attackers:
CEzN7mqP9xoxn2HdyW6fjEJ73t7qaX9Rp2zyS6hb3iEu Htp9MGP8Tig923ZFY7Qf2zzbMUmYneFRAhSp7vSg4wxV 5WwBYgQG6BdErM2nNNyUmQXfcUnB68b6kesxBywh1J3n GeEccGJ9BEzVbVor1njkBCCiqXJbXVeDHaXDCrBDbmuy
The widespread Solana wallet hack certainly impacts the market sentiment toward Solana, and many investors have expressed doubt about the project’s future. As of now, the attack has prompted an 8% drop in Solana’s price in the two hours following the first reports of the attack.
Crypto security firms believe that the exploit was not the result of a vulnerability with the Solana blockchain itself. Instead, they suspect the attack was a result of a mass compromise of users’ private keys by a third party.
An ongoing investigation by Solana suggests that wallet provider Slope is responsible. This is because affected addresses were once created, imported, or used in Slope mobile wallet applications.