Another setback for Solana
Thousands of Solana wallets emptied
Research into the cause is still ongoing
For months, Solana (SOL), which is one of the top 10 cryptocurrencies, has not been out of the negative headlines: on the one hand, there were multiple system crashes for which critics blame a design error, on the other hand, the company behind the blockchain was shut down because of the illegal sale of securities charged. Now there is also a large-scale hacker attack.
advertising
Trade Solana and other cryptos with leverage (long and short)
Solana and other cryptocurrencies have recently corrected significantly. Trade cryptos such as Bitcoin or Ethereum with leverage at Germany’s No. 1 CFD provider and participate in rising and falling prices.
Millions in damage from hackers
The hacker attack began on August 2nd and caused millions in damage: unknown attackers were apparently able to carry out transactions with tokens via an as yet unidentified vulnerability as if they were the owners. This suggests the compromise of private keys.
In this context, thousands of hot wallets were emptied and coins worth millions were stolen. The stolen cryptocurrencies are said to include both Solana’s SOL token and compatible currencies such as USD Coin (USDC). The wallet applications Phantom and Slope are said to be particularly affected, but also users of Solflare and Trust Wallet. It is still unclear whether the victims will be compensated.
An exploit allowed a malicious actor to drain funds from a number of wallets on Solana. As of 5am UTC approximately 7,767 wallets have been affected.
The exploit has affected several wallets, including Slope and Phantom. This appears to have affected both mobile and extension.
– Solana Status (@SolanaStatus) August 3, 2022
Backgrounds still unclear
The nature of the hack is still speculated. According to Solana, however, it does not assume a bug in the Solana network itself – neither the Solana protocol nor its cryptography have been compromised. Rather, only popular wallet software is affected. Victims should consider their wallet compromised and stop using it.
This does not appear to be a bug with Solana core code, but in software used by several software wallets popular among users of the network.
Updates will be posted to https://t.co/ivyoIbdCDP as they become available. 2/2
– Solana Status (@SolanaStatus) August 3, 2022
Solana is still working on the clarification, but Solana CEO Anatoly Yakovenko has already tweeted that he believes a “supply chain attack” (supply chain attack) affecting virtual wallets on Apple and Android phones is possible. In such an attack, a hacker injects malicious software into an operating system, gaining access to information such as the private key for a virtual wallet.
Android seems to be affected as well. All the confirmed stories so far have had the key imported or generated on mobile. Most of the reports are slope, but a few phantom users as well.
– SMS aey.sol, ?? (@aeyakovenko) August 3, 2022
In another tweet, the Solana project explained that the wallet software Slope may have compromised private keys and was therefore responsible for the theft. A preliminary analysis has shown that all affected addresses were either created using Slope’s mobile wallet application, imported or temporarily managed within this app.
After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were created, imported, or used in Slope mobile wallet applications at one point. 1/2
– Solana Status (@SolanaStatus) August 3, 2022
What can Solana owners do?
One way to protect against this attack might be to transfer funds to a hardware wallet that is not connected to the internet, as these don’t seem to have been affected by the exploit so far. Crypto exchanges were also probably unharmed. Therefore, Solana recommends its users to quickly switch to one of these two alternatives.
Editorial office finanzen.net
Image sources: Skorzewiak / Shutterstock.com, Aleksandra Sova / Shutterstock.com