An ongoing Solana (SOL) hack has affected more than 8,000 wallets and drained a (currently) estimated USD 4.5m-USD 8m worth of funds. (Updated at 07:50 UTC: updates throughout the entire text.)
According to data compiled by crypto tracking platform MistTrack, four addresses linked to hackers have so far stolen USD 580m worth of crypto assets from over 8,000 wallets.
However, MistTrack stated that, excluding the value of EXIST “and other shitcoins,” USD 4.5m worth of SOL, USDC, USDT, bitcoin (BTC), and ethereum (ETH) have been stolen.
Still, blockchain investigator PeckShield estimated a higher loss, stating:
“So far, the loss is estimated to be USD 8m, excluding one illiquid shitcoin (only has 30 holds & maybe misvalued [USD] 570M).”
As the hack began, users started reporting that their funds had been drained without their knowledge from major internet-connected “hot” wallets, including Phantom, Slope, and TrustWallet. Some affected users have claimed that they haven’t interacted with any contracts in more than 40 days.
According to blockchain auditor OtterSec, the transactions are being signed by the actual owners, suggesting some sort of private key compromise. They asked all users of the affected wallets to move their assets “to a hardware [wallet] or a centralized exchange.”
The exact cause of the hack is still largely unclear, though it appears to have predominantly impacted mobile wallet users.
The team behind Solana said that engineers from multiple ecosystems, with the help of several security firms, are investigating drained wallets on Solana.
“There is no evidence hardware wallets are impacted,” they added.
Meanwhile, Phantom said that “at this time, the team does not believe this is a Phantom-specific issue.”
According to Solana Labs co-founder Anatoly Yakovenko, only a token-specific delegation, an auto-approve, or a leaked seed could transfer assets from a wallet on behalf of the user.
“Since system transfers are happening, that rules out delegation. There is no way an ‘interaction’ could make a wallet vulnerable,” he added.
Since the hacker somehow obtained the ability to sign transactions on behalf of users, some have suggested that a trusted third-party service may have been compromised in a so-called supply chain attack.
“Confirmed with the cross chain user that they imported their TrustWallet seed phrase into Slope. Both Slope & TrustWallet seem to use a single seed phrase cross-chain,” analyst Adam Cochran said. “Likely why we’ve seen so few cases on Ethereum directly. Suggests something exposing seeds w/ Solana apps?”
PeckShield also weighed in on the supply chain theory, stating that “the widespread hack on Solana wallets is likely due to the supply chain issue exploited to steal/uncover user private keys behind affected wallets.”
Meanwhile, Solana validator Laine has denied claims that validators blacklisted or plan to blacklist the wallets associated with hackers.
“We have not blacklisted anything nor are we aware of any discussion to do so. Explorers have blacklisted them, i.e. they are displaying warnings, but that doesn’t affect any transactions,” Laine said.
Notably, the ongoing hack may be approaching its end, as the amount of SOL stolen per minute has dropped dramatically. According to a Dune dashboard that tracks the amount of SOL stolen per minute, less than SOL 1 was being stolen around the time of writing (7:20 UTC). In comparison, the hack started with over SOL 500, and at some point even over SOL 1,000, being stolen per minute.
At the time of writing, SOL, the 9th coin by market capitalization, is trading at USD 38.67, down 4.1% over the past 24 hours. At this point, it’s up nearly 7% in 7 days and 16% in a month.
This is a developing story and will be updated as new details emerge.