Update, August 3, 4:50 p.m. ET: Solana developers say they have identified the root cause of the hack: compromised private keys "created, imported, or used in Slope mobile wallet applications." Read the full details here.
Solana users far and wide last night were startled to find that their wallets were being drained of SOL, the USDC stablecoin, and other Solana-based tokens in a widespread and ongoing hack. As of this writing, an estimated $4.46 million worth of coins and tokens have been nabbed.
According to blockchain explorer Solscan, the four identified attackers’ wallets have collectively attacked about 15,200 wallets, although there may be overlap between their targets. The official Solana Status account on Twitter pegged the tally at approximately 8,000 unique wallets as of earlier this morning.
As the attack apparently continues, the network’s core team and founder have started sharing theories on what’s happening. Per Solana Status, “engineers from across several ecosystems, in conjunction with audit and security firms, continue to investigate the root cause” of the attack.
Engineers from across several ecosystems, in conjunction with audit and security firms, continue to investigate the root cause of an incident that resulted in approximately 8,000 wallets being drained. 1/2
“This does not appear to be a bug with Solana core code,” it added, “but in software used by several software wallets popular among users of the network.”
That theory comports with the sentiment that evolved overnight among Solana developers and security experts. Initially, some thought that the exploit had to do with lingering permissions that users may have previously granted to a smart contract, and many platforms—such as top NFT marketplace Magic Eden—urged Solana users to revoke any permissions.
However, that didn’t appear to help since transactions were being signed, thus suggesting a compromise of users’ private keys. Instead, as the Solana Status update suggests, the prevailing theory now is that code within software-based wallet apps is being exploited in some manner to enable access to holders’ assets.
Solana co-founder and Solana Labs CEO Anatoly Yakovenko tweeted overnight that it “seems like an iOS supply chain attack,” suggesting that the issue pertained to wallets used on Apple’s iPhone and iPad devices. However, based on additional evidence, he added in a subsequent tweet that Android users are being affected, as well.
Seems like an iOS supply chain attack. Multiple plausible wallets that only received sol and had no interactions beyond receiving have been affected. https://t.co/ne0g3ZmLH5
As well as key that were imported into iOS, and generated externally. https://t.co/hStAr1mU6Q
“All the confirmed stories so far have had the key imported or generated on mobile,” he wrote, noting that the majority of confirmed wallets were from Slope, with some from Phantom. Hardware wallets do not appear to be affected at all. Notable crypto investor Adam Cochran wrote this morning that he is “90% [sure] this is related to using Slope or importing into Slope.”
Asked by a user what Solana developers can do about this issue going forward, Yakovenko replied, “Fucking Apple and Google can give us secure signing and recovery in the device. F’ing hell.”
Slope’s Twitter account hasn’t tweeted since last night, when it wrote that the team was “actively working to sort out the issue.” Similarly, Phantom last tweeted yesterday evening with a similar message, but added that it did “not believe this is a Phantom-specific issue” at the time.
Blockchain security firm OtterSec has asked affected users to fill out a form with details of their wallet and activity. Yakovenko and other notable Solana developers have shared the same form in the hopes of amassing more data on the exploit.
lmao you can't make this up - some madlad started DOSing the hacker which caused the RPC nodes to start failing
The Solana network was at times inaccessible or difficult to use last night due to partial outages with RPC nodes that facilitate network traffic. Allegedly, the slowdown was due to the efforts of a user who attempted to slow or stop the attack by overwhelming the Solana network with transactions in a DDOS-like frenzy.
Solana (SOL) initially saw a significant price drop in the wake of last night's initial attacks, with the price dropping about 8% in a two-hour span. However, it has rebounded somewhat to a current price of just over $40 per coin, or about a 2% dip over the last 24 hours.