Update, August 3, 4:50 p.m. ET: Solana developers say they have identified the root cause of the hack: compromised private keys "created, imported, or used in Slope mobile wallet applications." Read the full details here.
Solana users far and wide last night were startled to find that their wallets were being drained of SOL, the USDC stablecoin, and other Solana-based tokens in a widespread and ongoing hack. As of this writing, an estimated $4.46 million worth of coins and tokens has been taken so far.
According to blockchain explorer Solscan, the four identified attackers’ wallets have collectively attacked about 15,200 wallets, although there may be overlap between their targets. The official Solana Status account on Twitter pegged the tally at approximately 8,000 unique wallets as of earlier this morning.
As the attack apparently continues, the network’s core team and founder have started sharing theories on what’s happening. Per Solana Status, “engineers from across several ecosystems, in conjunction with audit and security firms, continue to investigate the root cause” of the attack.
Engineers from across several ecosystems, in conjunction with audit and security firms, continue to investigate the root cause of an incident that resulted in approximately 8,000 wallets being drained. 1/2
“This does not appear to be a bug with Solana core code,” it added, “but in software used by several software wallets popular among users of the network.”
That theory comports with evolving sentiment last night and overnight among Solana developers and security experts. Initially, some thought that the exploit had to do with lingering permissions that users may have previously granted to a smart contract, and many platforms—such as top NFT marketplace Magic Eden—urged Solana users to revoke any such approvals.
However, that didn’t appear to help: the draining transactions were being signed with the victims’ own keys rather than executed through a previously granted approval, which points to a compromise of users’ private keys. Instead, as the Solana Status update suggests, the prevailing theory now is that code within software-based wallet apps is being exploited in some manner to expose the keys that control holders’ assets.
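The reasoning above is worth making concrete. The following is an added example, not code from the article or from any of the wallet projects it names: a toy Go model of a token account with an owner key and a revocable delegate, using Go's standard ed25519 package. The account structure, the message format and the function names are assumptions of this example and do not reproduce the real SPL Token program. It shows why revoking an approval stops a delegate but does nothing against an attacker who holds a copy of the owner's private key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// TokenAccount is a simplified model (an assumption of this example, not SPL Token's
// real layout): an owner key, a balance, and an optional delegate with an allowance.
type TokenAccount struct {
	Owner     ed25519.PublicKey
	Balance   uint64
	Delegate  ed25519.PublicKey // nil when no delegate is approved
	Allowance uint64
}

var (
	ErrBadSignature  = errors.New("signature does not verify for the claimed signer")
	ErrNotAuthorised = errors.New("signer is neither owner nor an approved delegate")
	ErrAllowance     = errors.New("transfer exceeds delegate allowance")
	ErrInsufficient  = errors.New("insufficient balance")
)

// transferMsg is the byte string a signer must sign to authorise a transfer
// (a made-up encoding for this example: owner key || amount || nonce).
func transferMsg(owner ed25519.PublicKey, amount, nonce uint64) []byte {
	msg := make([]byte, ed25519.PublicKeySize+16)
	copy(msg, owner)
	binary.BigEndian.PutUint64(msg[ed25519.PublicKeySize:], amount)
	binary.BigEndian.PutUint64(msg[ed25519.PublicKeySize+8:], nonce)
	return msg
}

// Approve grants a delegate the right to move up to allowance tokens.
// (The toy omits the owner signature that a real approve instruction requires.)
func (a *TokenAccount) Approve(delegate ed25519.PublicKey, allowance uint64) {
	a.Delegate = delegate
	a.Allowance = allowance
}

// Revoke is the "revoke permissions" step users were urged to perform.
func (a *TokenAccount) Revoke() {
	a.Delegate = nil
	a.Allowance = 0
}

// Transfer debits amount if sig is a valid signature over the transfer message
// by either the owner key or the currently approved delegate.
func (a *TokenAccount) Transfer(signer ed25519.PublicKey, sig []byte, amount, nonce uint64) error {
	if !ed25519.Verify(signer, transferMsg(a.Owner, amount, nonce), sig) {
		return ErrBadSignature
	}
	if amount > a.Balance {
		return ErrInsufficient
	}
	switch {
	case signer.Equal(a.Owner):
		// Owner authority: no allowance applies and no revocation exists.
		// Anyone holding a copy of this private key passes this check.
	case a.Delegate != nil && signer.Equal(a.Delegate):
		if amount > a.Allowance {
			return ErrAllowance
		}
		a.Allowance -= amount
	default:
		return ErrNotAuthorised
	}
	a.Balance -= amount
	return nil
}

// DrainScenario plays out both theories from the article on constructed keys:
// the delegate is revoked (blocking the delegate), then an attacker holding a
// copy of the owner's private key signs a transfer directly (which revocation
// cannot stop). It returns both outcomes and the remaining balance.
func DrainScenario() (delegateErr, keyHolderErr error, remaining uint64) {
	ownerPub, ownerPriv, _ := ed25519.GenerateKey(rand.Reader)
	delegatePub, delegatePriv, _ := ed25519.GenerateKey(rand.Reader)

	acct := &TokenAccount{Owner: ownerPub, Balance: 1000}
	acct.Approve(delegatePub, 500)
	acct.Revoke() // user follows the "revoke approvals" advice

	msg := transferMsg(ownerPub, 500, 1)
	delegateErr = acct.Transfer(delegatePub, ed25519.Sign(delegatePriv, msg), 500, 1)

	attackerCopy := ownerPriv // the leaked key the article describes
	msg = transferMsg(ownerPub, 1000, 2)
	keyHolderErr = acct.Transfer(ownerPub, ed25519.Sign(attackerCopy, msg), 1000, 2)
	return delegateErr, keyHolderErr, acct.Balance
}

func main() {
	d, k, bal := DrainScenario()
	fmt.Println("delegate after revoke:", d)
	fmt.Println("owner-key holder after revoke:", k)
	fmt.Println("remaining balance:", bal)
}
```

The practical check this encodes: if drained funds moved in transactions signed by the victim's own key, revoking approvals is irrelevant, and the only effective response is to move remaining assets to a fresh key generated on a device you trust.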
Solana co-founder and Solana Labs CEO Anatoly Yakovenko tweeted overnight that it “seems like an iOS supply chain attack,” suggesting that the issue pertained to wallets used on Apple’s iPhone and iPad devices. However, based on additional evidence, he added in a subsequent tweet that Android users are being affected, as well.
Seems like an iOS supply chain attack. Multiple plausible wallets that only received sol and had no interactions beyond receiving have been affected. https://t.co/ne0g3ZmLH5
As well as keys that were imported into iOS, and generated externally.https://t.co/hStAr1mU6Q
“All the confirmed stories so far have had the key imported or generated on mobile,” he wrote, noting that the majority of confirmed wallets were from Slope, with some from Phantom. Hardware wallets do not appear to be affected at all. Notable crypto investor Adam Cochran wrote this morning that he is “90% [sure] this is related to using Slope or importing into Slope.”
Asked by a user what Solana developers can do about this issue going forward, Yakovenko replied, “Fucking Apple and Google can give us secure signing and recovery in the device. F’ing hell.”
Slope’s Twitter account hasn’t tweeted since last night, when it wrote that the team was “actively working to sort out the issue.” Similarly, Phantom last tweeted yesterday evening with a similar message, but added that it did “not believe this is a Phantom-specific issue” at the time.
Blockchain security firm OtterSec has asked affected users to fill out a form with details of their wallet and activity. Yakovenko and other notable Solana developers have shared the same form in the hopes of amassing more data on the exploit.
lmao you can't make this up - some madlad started DOSing the hacker which caused the RPC nodes to start failing
The Solana network was at times inaccessible or difficult to use last night due to partial outages of the RPC nodes that relay transactions and queries to the network. Allegedly, the slowdown was due to the efforts of a user who attempted to slow or stop the attack by flooding the attacker’s wallets with transactions in a DDoS-like frenzy, which overwhelmed the RPC nodes in the process.
Solana (SOL) initially saw a significant price drop in the wake of last night's initial attacks, with the price dropping about 8% in a two-hour span. However, it has rebounded somewhat to a current price of just over $40 per coin, or about a 2% dip over the last 24 hours.