Hackers Steal $8M in Ongoing Attack on Solana Hot Wallets
Cause of Attack Is Unknown, Moving Funds to Cold Wallets Recommended
In an attack that's still ongoing, hackers drained about $8 million worth of cryptocurrency and counting from internet-connected wallets on the Solana blockchain, filching assets from about 8,000 wallets, predominantly from mobile wallet users of Phantom and Slope.
Solana told users very early this morning that so far, 7,767 wallets are affected by the theft, whose cause remains unknown. "Engineers are currently working with multiple security researchers and ecosystem teams to identify the root cause of the exploit," Solana tweeted around 1 a.m.
Solana says it identified four wallets as associated with the hackers.
A dashboard from blockchain analytics company Dune shares live updates on the number of wallets affected and the funds stolen.
The attack likely began Tuesday night. In a Wednesday midmorning update, Solana says that the exploit is likely not the result of a bug in the blockchain's core code, but of one in "software used by several software wallets popular among users of the network."
Blockchain security firm PeckShield says the hack is "likely due to the supply chain issue exploited to steal/uncover user private keys behind affected wallets."
Solana co-founder and CEO Anatoly Yakovenko agrees. He says that the exploit affected iOS and Android users and that the exploited wallets have only received Solana tokens and have had no other interactions.
Phantom, one of the wallet platforms affected by the exploit, says it is investigating. "At this time, the team does not believe this is a Phantom-specific issue," it adds.
Mitigation
For those whose wallets have been drained, Solana says they should be "treated as compromised, and abandoned."
For the others, it recommends the use of hard wallets to store funds, as "there's no evidence hardware wallets have been impacted." In contrast to hot wallets, cold wallets - or hard wallets - are not connected to the web; they are typically USB drives that need to be plugged into a system to carry out transactions. Users should not reuse their cold wallet seed phrases.
To determine the extent of the damage and help with recovery, the company has shared a form for affected parties to complete.