Thousands of Solana software wallets have been drained of tokens since last night in a widespread attack totaling nearly $4.5 million so far.
The exploit is believed to be due to software in some wallets, including Slope and Phantom. Hardware wallets are not affected.
Solana users far and wide were surprised last night to find that their wallets had been drained of SOL, the USDC stablecoin and other Solana-based tokens in a widespread and ongoing hack. At the time of writing, coins and tokens worth an estimated $4.46 million have been taken so far.
According to blockchain explorer Solves, the four identified wallets of the attackers collectively attacked about 15,200 wallets, although there may be some overlap between their targets. The official Solana Status Twitter account put the tally at around 8,000 unique wallets as of this morning.
As the attack seemingly continues, the core team and the founder of the network have begun sharing theories about what is happening. According to Solana Status, “engineers from different ecosystems, along with audit and security firms, continue to investigate the root cause” of the attack.
Engineers from different ecosystems, in collaboration with audit and security firms, continue to investigate the root cause of an incident that resulted in approximately 8,000 wallets being drained. 1/2
“This does not appear to be a bug with Solana’s core code,” it added, “but in the software used by several software wallets popular with network users.”
This theory is consistent with the sentiment that evolved last night and overnight among Solana developers and security experts. Initially, some thought that the exploit had to do with persistent permissions that users may have previously granted to a smart contract, and many platforms, such as the top NFT marketplace Magic Eden, urged Solana users to revoke any permissions.
However, this didn’t seem to help, as the transactions were signed, suggesting a compromise of users’ private keys. Instead, as the Solana Status update suggests, the prevailing theory now is that the code within software-based wallet apps is being leveraged in some way to allow attackers to access the funds.
Anatoly Yakovenko, co-founder and CEO of Solana Labs, tweeted overnight that it “looks like an attack on the iOS supply chain,” suggesting that the problem was with the wallets used on Apple’s iPhone and iPad devices. However, based on further evidence, he added in a later tweet that Android users were also affected.
It looks like an attack on the iOS supply chain. Multiple plausible wallets were affected that only received sol and had no interactions other than receiving. https://t.co/ne0g3ZmLH5
In addition to the keys imported into iOS and generated externally. https://t.co/hStAr1mU6Q
“All confirmed stories so far have had the key imported or generated on mobile devices,” he wrote, noting that most of the confirmed wallets were from Slope, with some from Phantom. Hardware wallets don’t seem to be affected at all. Well-known cryptocurrency investor Adam Cochran wrote this morning that he is “90% [sure] this is related to using Slope or importing to Slope.”
Asked by a user what Solana developers can do about this issue in the future, Yakovenko replied, “Fuck Apple and Google can give us a secure signature and restore on the device. Damn.”
Slope’s Twitter account has not tweeted since last night, when it wrote that the team was “actively working to fix the problem”. Likewise, Phantom last tweeted last night with a similar message, but added that at the time it “didn’t believe this was a Phantom specific problem.”
The blockchain security firm OtterSec has asked affected users to fill out a form with details of their wallets and activity. Yakovenko and other leading Solana developers shared the same form in hopes of amassing more data on the exploit.
lmao you can’t make this up – some crazy started doing hacker DOSing which caused RPC nodes to fail
The Solana network was inaccessible or difficult to use at times last night due to partial outages of the RPC nodes that facilitate network traffic. Presumably, the slowdown was due to the efforts of a user attempting to slow down or stop the attack by overwhelming the Solana network with transactions in a DDoS-like frenzy.
Solana (SOL) initially saw a significant drop in price in the wake of last night’s initial attacks, falling around 8% over a two-hour span. However, it has somewhat rebounded to a current price of just over $40 per coin, a drop of around 2% in the past 24 hours.