An unknown attacker drained thousands of wallets containing at least $4 million worth of Solana and USDC late Tuesday night. The hack, which was still ongoing at 8:00 PM PST, seemed to originate on the Solana browser wallet Phantom and was believed to compromise user keys—possibly involving seed phrases that were re-used among wallets on different chains.
“Over 5,000 Solana wallets have been drained in the past few hours,” blockchain audit firm OtterSec reported earlier in the evening. “These transactions are being signed by the actual owners, suggesting some sort of private key compromise.”
Solana's status updates Twitter account reported that 7,767 wallets have been affected, and noted that "engineers are investigating the root cause" on Wednesday morning. A data dashboard tracking hacked funds and wallet activity suggests a much higher figure, however.
According to Solscan, a total of 15,220 wallets have been affected, and a total of $4.46 million in tokens, primarily SOL and USDC, has been stolen.
Breakdown of cryptocurrencies stolen in USD across the hacker's wallets. Image: Solscan.
Engineers across the Internet, including those working on blockchains other than Solana, have been trying to understand both the cause of the exploit and its extent.
"We are actively communicating with the affected wallet teams to offer our help and monitor if there is anything we can do to keep our users safer," a spokesperson for the Ethereum wallet MetaMask told Decrypt.
Initial reports singled out the Solana browser wallet Phantom and the Solana ecosystem. The news has already prompted an 8% drop in Solana's value in the two hours following the first reports of the attack, according to CoinMarketCap, which also notes a 45 percent increase in trading volume in the last 24 hours.
"There's an unknown $SOL exploit currently draining random Phantom wallets," said crypto investor and analyst Miles Deutscher. "$6m currently stolen. If you have funds on Phantom, make sure to revoke all permissions + move to a hardware wallet."
Popular Solana NFT marketplace Magic Eden also took to Twitter to warn of the exploit.
"There seems to be a widespread SOL exploit at play that's draining wallets throughout the ecosystem," the account wrote. In the tweet, Magic Eden provided instructions to remove permissions for suspicious links.
Here's what you can do right now to best protect yourself
1. Go to >Settings on your @phantom wallet
2. >Trusted Apps
3. >Revoke Permissions for any suspicious links
Phantom says it is investigating the reported exploits.
"We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem," Phantom tweeted. "At this time, the team does not believe this is a Phantom-specific issue. As soon as we gather more information, we will issue an update."
Solana, USDC primary cryptocurrencies stolen
But the attack does not appear to be limited to Solana. Another user reported his USDC balance was drained as well.
Twitter user Justin "Justin.sol" Barlow posted: "My ERC-20 and SPL USDC held on both @slope_finance and @TrustWallet were drained."
For reference I haven't interacted with any contracts at all in ~40 days. My ERC-20 and SPL USDC held on both @slope_finance and @TrustWallet were drained
Crypto analyst and author @0xfoobar confirmed that "the attacker is stealing both native tokens (SOL) and SPL tokens (USDC)... affecting wallets that have been inactive for >6 months."
Theorizing that it might be an "upstream dependency supply chain attack," he added that the widespread advice of revoking wallet approvals will probably not help — only transferring to an offline hardware wallet would protect funds.
"These SOL and SPL transfers are signed by the users themselves, not transferred away by a third party using approvals," @0xfoobar explains. "So while you can revoke, it's likely something has caused widespread private key compromise."
🚨 Widespread Solana private key compromise 🚨
- attacker is stealing both native tokens (SOL) and SPL tokens (USDC)
- affecting wallets that have been inactive for >6 months
- both Phantom & Slope wallets reportedly drained
pic.twitter.com/AkZXOGLD0Q
"There is no way an 'interaction' could make a wallet vulnerable," Solana Labs cofounder Anatoly Yakovenko further clarified. "Only a token specific delegation or an auto approve or a leaked seed could transfer assets from a wallet on behalf of the user. Since system transfers are happening, that rules out delegation."
Only a token specific delegation or an auto approve or a leaked seed could transfer assets from a wallet on behalf of the user. Since system transfers are happening, that rules out delegation. There is no way an “interaction” could make a wallet vulnerable https://t.co/Pdrmjk1WYZ
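The distinction @0xfoobar and Yakovenko draw above, between transfers signed with the wallet's own key and transfers moved by an approved delegate, can be checked mechanically during triage. The sketch below is an added example, not code from the article or from any wallet team; the record layout (`signers`, `program_id`, `owner`, `authority`) and the wallet names are constructed and simplified, while the two program IDs are Solana's System Program and SPL Token program.

```python
# Added illustration. Records are constructed and simplified, not real RPC output.
SYSTEM_PROGRAM = "11111111111111111111111111111111"             # native SOL transfers
TOKEN_PROGRAM = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA"   # SPL tokens such as USDC

def classify_transfer(ix, signers):
    """Return how one transfer instruction was authorized."""
    if ix["program_id"] == SYSTEM_PROGRAM:
        # Native SOL has no delegate concept: the source key itself must sign.
        return "owner_key_signed" if ix["source"] in signers else "invalid"
    if ix["program_id"] == TOKEN_PROGRAM:
        authority = ix["authority"]
        if authority not in signers:
            return "invalid"
        # Authority equals owner: the owner's key signed. Otherwise a delegate did.
        return "owner_key_signed" if authority == ix["owner"] else "delegate_signed"
    return "other"

def triage(transactions):
    """Count authorization verdicts across every instruction in the set."""
    counts = {}
    for tx in transactions:
        signers = set(tx["signers"])
        for ix in tx["instructions"]:
            verdict = classify_transfer(ix, signers)
            counts[verdict] = counts.get(verdict, 0) + 1
    return counts

def revoking_approvals_would_help(transactions):
    """True only when the drain relied on delegates and never on the owner's key."""
    counts = triage(transactions)
    return counts.get("delegate_signed", 0) > 0 and counts.get("owner_key_signed", 0) == 0

# Constructed sample matching the pattern reported in this incident.
DRAIN_SAMPLE = [
    {"signers": ["VictimWalletA"], "instructions": [
        {"program_id": SYSTEM_PROGRAM, "source": "VictimWalletA"}]},
    {"signers": ["VictimWalletA"], "instructions": [
        {"program_id": TOKEN_PROGRAM, "source": "VictimUsdcAccount",
         "owner": "VictimWalletA", "authority": "VictimWalletA"}]},
]
# Constructed contrast case: a token approval abused by a delegate.
APPROVAL_SAMPLE = [
    {"signers": ["DappDelegate"], "instructions": [
        {"program_id": TOKEN_PROGRAM, "source": "VictimUsdcAccountB",
         "owner": "VictimWalletB", "authority": "DappDelegate"}]},
]

if __name__ == "__main__":
    print(triage(DRAIN_SAMPLE), revoking_approvals_would_help(DRAIN_SAMPLE))
    print(triage(APPROVAL_SAMPLE), revoking_approvals_would_help(APPROVAL_SAMPLE))
```

In practice the `owner` of a token account is not carried in the transfer instruction and has to be resolved separately before this comparison can be made.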