Hackers attack solana crypto and steal millions
The logo of the Solana cryptocurrency platform.
Jakub Porzycki | NurPhoto via | Getty Images
Nearly 8,000 digital wallets have been emptied of just over $5.2 million in digital coins, including Solana’s sol token and USD Coin (USDC), according to blockchain analytics firm Elliptic. The Solana Status Twitter account confirmed the attack, noting that as of Wednesday morning around 7,767 wallets had been affected by the exploit. Elliptic’s estimate is slightly higher at 7,936 wallets.
Solana’s sol token, one of the largest cryptocurrencies after bitcoin and ether, fell about 8% in the first two hours after the hack was initially detected, according to data from CoinMarketCap. It is currently down about 1%, while trading volume has increased by around 105% in the last 24 hours.
Starting Tuesday evening, several users began reporting that assets held in “hot” wallets – i.e. addresses connected to the Internet, including Phantom, Slope and Trust Wallet – had been emptied of their funds.
ghost said on Twitter that it is investigating “reported vulnerability in the solana ecosystem” and does not believe this is a Phantom specific issue. Blockchain audit firm OtterSec tweeted that the hack affected multiple wallets “across a wide variety of platforms”.
Elliptic chief scientist Tom Robinson told CNBC that the root cause of the breach is still unclear, but “it appears to be due to a flaw in some wallet software, rather than the solana blockchain. herself”. OtterSec added that the transactions were signed by the actual owners, “suggesting some sort of private key compromise.” A private key is a secure code that allows the owner to access their cryptographic assets.
The identity of the attacker is still unknown, as is the root cause of the exploit. The breach is ongoing.
“Engineers from multiple ecosystems, with help from multiple security companies, are investigating depleted wallets on solana,” according to Solana Statusa Twitter account that shares updates for the entire Solana network.
The solana network strongly encourages users to use hardware wallets, as there is no evidence that these have been impacted.
“Do not reuse your seed phrase on a hardware wallet – create a new seed phrase. Emptied wallets should be treated as compromised and discarded”, reads a tweet. Seed phrases are a collection of random words generated by a crypto wallet when it is first set up, and it provides access to the wallet.
A private key is unique and links a user to their blockchain address. A seed phrase is a fingerprint of all of a user’s blockchain assets that is used as a backup if a crypto wallet is lost.
The incident comes a day after the $200 million Nomad blockchain bridge was hacked. This is the latest crisis that has gripped the crypto market in recent weeks.
“Four addresses are currently linked to the hacker, a far cry from yesterday’s ‘decentralized plunder’ which involved over 120 individual users,” said crypto investor and analyst Miles Deutscher. “This implies that it was a singular party that carried out the SOL exploit, although the specific details remain ambiguous.”
The Solana network was seen as one of the most promising newcomers to the crypto market, with backers like Chamath Palihapitiya and Andreessen Horowitz touting it as a challenger for Ethereum with faster transaction processing times and enhanced security. But it has faced a range of issues lately, including downtime during busy periods and a perception of being more centralized than Ethereum. A major outage in June took the Solana platform offline for several hours.
Ether, the native token of the Ethereum blockchain, soared 6% in 24 hours.