Solana Wallets Drained & Minor Network Outage.
The cryptocurrency ecosystem has been rocked by a widespread exploit targeting Solana wallets that has been ongoing since Wednesday. Phantom and Slope, two Solana-based wallet services, initially flagged the attack on their social media platforms, alongside a host of cryptocurrency influencers, blockchain analytics and security firms, and victims of the hack as it continued to unfold. Solana, one of the key Ethereum competitors, started experiencing a minor service outage, according to its status page. This came after the network suffered a widespread private key compromise. Ledger, a prominent hardware wallet maker, claims that its Solana node is currently experiencing "issues." At this point, it is unclear whether only the Solana blockchain has been affected by the attack. In a lengthy Twitter thread, Ava Labs CEO Emin Gun Sirer opined that the bad actor managed to pull off the hack through a supply chain attack, hijacking a JS library and exfiltrating users' private keys. He also suggested that a browser exploit could be in play, but such a scenario seems "highly unlikely."
Solana co-founder Anatoly Yakovenko gave the latest update from the Solana team on his Twitter account, highlighting what other blockchain analysts had speculated was a supply chain attack that allowed the hackers to gain access to private keys. Yakovenko said preliminary investigations showed that wallets that had only ever received Solana (SOL), and had no interactions beyond receiving, have been affected. The exploit affected both iOS and Android devices, and all the affected wallets had their private keys imported or generated on mobile. Solana wallet platform Solflare told Cointelegraph that it had not suffered any loss of funds and that it was working with other wallet providers to provide support toward a solution.
Phantom says it is investigating the reported exploits. "We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem," Phantom tweeted. "At this time, the team does not believe this is a Phantom-specific issue. As soon as we gather more information, we will issue an update." "$6m currently stolen. If you have funds on Phantom, make sure to revoke all permissions + move to a hardware wallet." Popular Solana NFT marketplace Magic Eden also took to Twitter to warn of the exploit. "There seems to be a widespread SOL exploit at play that's draining wallets throughout the ecosystem," the account wrote. In the tweet, Magic Eden provided instructions to remove permissions for suspicious links.
According to Solscan, a total of 15,220 wallets have been affected, and a total of $4.46 million in tokens, primarily SOL and USDC, has been stolen. Engineers across the Internet, including those from blockchains other than Solana, have been working to understand both the cause of the exploit and its extent. Initial reports singled out the Solana browser wallet Phantom and the Solana ecosystem. The news has already prompted an 8% drop in Solana's value in the two hours following the first reports of the attack, according to CoinMarketCap, which also notes a 45 percent increase in trading volume in the last 24 hours.
The uniform message to SOL holders from the wider cryptocurrency ecosystem is to move funds to cold storage or centralized exchanges and to revoke permissions from trusted apps in wallet settings. Solflare also warned that users with mnemonic seed phrases originating from other wallets were at risk of being exposed. Users affected by the exploit are being asked to provide their compromised wallet addresses to the Solana Foundation to assist in the investigation.
The wallets of the supposed attacker have so far been identified as:
https://solscan.io/account/Htp9MGP8Tig923ZFY7Qf2zzbMUmYneFRAhSp7vSg4wxV#solTransfers
https://solscan.io/account/CEzN7mqP9xoxn2HdyW6fjEJ73t7qaX9Rp2zyS6hb3iEu#solTransfers
https://solscan.io/account/5WwBYgQG6BdErM2nNNyUmQXfcUnB68b6kesxBywh1J3n#splTransfers
https://solscan.io/account/GeEccGJ9BEzVbVor1njkBCCiqXJbXVeDHaXDCrBDbmuy#solTransfers