‘Malicious actor’ drains $5.2 million in crypto assets from 8,000 digital wallets in one go

Thousands of digital wallets on the Solana blockchain were drained of their funds by a “malicious actor” last night. Over $5.2 million in crypto assets were lost in the attack, but Solana blames external software, saying it’s not a problem with its own blockchain.
Cybersecurity experts speculated that it might be a vulnerability in the wallet software, not the Solana blockchain itself, which will at least be a relief to some. This morning’s latest Solana update states: “This does not appear to be a bug with the main Solana code, but in the software used by several popular software wallets among network users.”
The attack emptied more than 8,000 wallets, although this number may increase as more users report compromised wallets. Affected wallets include, but are not limited to, Solflare, Trust Wallet, Phantom, and Slope.
Phantom took to Twitter to say that it is also working with Solana, although it said that “at this time the team does not believe this is a Phantom specific issue”.
Solflare has published some security updates and said “we are monitoring the situation closely, and we are feeling the pain in the community”, and accompanied it with a sad face emoji.
An exploit allowed a malicious actor to drain funds from a number of wallets on Solana. As of 5 a.m. UTC, approximately 7,767 wallets have been affected. The exploit affected several wallets, including Slope and Phantom. This seems to have affected both the mobile and the extension.
August 3, 2022
The root cause of the exploit is still under investigation, but blockchain auditor OtterSec said on Twitter that the transactions were “signed by the actual owners, suggesting some kind of private key compromise”. They also claim that some Ethereum blockchain users might be affected, though not as widely as on Solana.
Elliptic, a blockchain analytics firm, claims the stolen assets were “SOL, a small number of non-fungible tokens (NFTs), and over 300 Solana-based tokens.”
Solana also strongly encourages people to use hardware wallets (or cold wallets), since there is no evidence that the exploit affected them, and to transfer their funds to a centralized platform. If your wallet has been emptied, consider it compromised and do not continue to use it. It is also recommended that you keep your funds in a cold wallet and hold only small amounts in wallet software (or hot wallets) for transacting.
Solana asks the victims to fill out a survey to help its engineers investigate exactly what happened.