Solana Wallet Hack: Here’s What We Know So Far – Decrypt | Hot Mobile Press

In brief

  • Thousands of Solana software wallets have had their tokens drained since last night in a widespread attack worth nearly $4.5 million so far.
  • The exploit is believed to be due to software in certain wallets, including Slope and Phantom. Hardware wallets are not affected.

Update, Aug. 3, 4:50 p.m. ET: Solana developers say they’ve identified the root cause of the hack: compromised private keys that were “created, imported, or used in Slope mobile wallet apps.” Read full details here.

Solana users far and wide were spooked last night to discover that their wallets had been emptied of SOL, the USDC stablecoin, and other Solana-based tokens in a widespread and ongoing hack. As of this writing, an estimated $4.46 million in coins and tokens have been stolen.

According to blockchain explorer Solscan, the attackers’ four identified wallets collectively attacked approximately 15,200 wallets, although there may be overlap between their targets. The official Solana Status account on Twitter put the tally at around 8,000 unique wallets this morning.

As the attack appears to be ongoing, the core team and the network’s founder have begun sharing theories as to what is happening. According to Solana Status, “engineers from different ecosystems, in collaboration with accounting and security firms, continue to investigate the root cause” of the attack.

“This does not appear to be a bug in the Solana core code,” the account added, “but rather in software used by several software wallets popular with users of the network.”

This theory aligns with the evolving sentiment last night and overnight from Solana developers and security researchers. Initially, some thought the exploit had to do with residual permissions that users may have previously granted to a smart contract, and many platforms, such as top NFT marketplace Magic Eden, prompted Solana users to revoke all permissions.

However, this didn’t seem to help, as transactions were being signed, suggesting a compromise of users’ private keys. Instead, as the Solana Status update suggests, the prevailing theory now is that code in software-based wallet apps is being exploited in some way to allow access to holders’ assets.

Anatoly Yakovenko, co-founder of Solana and CEO of Solana Labs, tweeted overnight that it “looks like an attack on the iOS supply chain,” suggesting the issue affected wallets used on Apple’s iPhone and iPad devices. However, based on additional evidence, he added in a subsequent tweet that Android users are also affected.

“All confirmed stories to date have had their key imported or generated on the phone,” he wrote, noting that the majority of confirmed wallets were from Slope, with some from Phantom. Hardware wallets don’t seem to be affected at all. Notable crypto investor Adam Cochran wrote this morning that he was “90% [sure] this is related to using slope or importing into slope.”

When asked by a user what Solana developers can do regarding this issue in the future, Yakovenko replied, “The damn Apple and Google can give us a secure signature and recovery in the device. Bloody hell.”

Slope’s Twitter account has not tweeted since last night, when it wrote that the team was “actively working to resolve the issue.” Likewise, Phantom last tweeted last night with a similar message, but added that it “didn’t believe this was a Phantom-specific issue” at the time.

Blockchain security company OtterSec has asked affected users to fill out a form with details about their wallet and activity. Yakovenko and other notable Solana developers shared the same form in hopes of gathering more data about the exploit.

The Solana network was intermittently inaccessible or difficult to use last night due to partial outages involving RPC nodes that facilitate network traffic. Allegedly, the slowdown was due to the efforts of a user trying to slow down or stop the attack by overwhelming the Solana network with transactions in a DDoS-like frenzy.

Solana (SOL) initially saw a significant drop in price following last night’s initial attacks, with the price falling around 8% in two hours. However, it has recovered somewhat to a current price of just over $40 per coin, or a decline of around 2% over the past 24 hours.
