After users claimed that cash had been taken from internet-connected “hot” wallets, Solana, an increasingly popular blockchain noted for its quick transactions, became the subject of the cryptosphere’s newest breach.
According to Solana’s Status Twitter account, an anonymous attacker syphoned cash from 7,767 wallets on the Solana network as of 5 a.m. UTC on Wednesday. However, the crypto tracker of blockchain security startup SlowMist revealed that over 8,000 wallets had been emptied. So far, the damage is projected to be roughly $8 million.
The assault, which appears to have only targeted “hot” wallets, or wallets that are always connected to the internet and let individuals can quickly store and send tokens, does not appear to be restricted to Solana. Solana Ventures investor Justin Barlow said that his USDC balance had also been depleted. The attacker is taking both native tokens (SOL) and SPL tokens (USDC)… impacting wallets that have been idle for less than 6 months, according to crypto researcher @0xfoobar.
Other wallets affected by the assault include Phantom, Slope, Solflare, and TrustWallet. Solana cautioned that depleted wallets should be considered hacked and abandoned, while encouraging users to convert to hardware or “cold” wallets.
Phantom, a fast-growing Solana-based wallet that was valued at $1.2 billion in January, stated that it is “working closely with other teams to get to the bottom of a known vulnerability in the Solana ecosystem.”
“At this moment, the team does not feel this is a Phantom-specific issue,” says the wallet’s creator.
Slope went on to say that it is “actively working to fix out the situation as quickly as possible and remedy the best we can,” while non-fungible token (NFT) marketplace Magic Eden advised users to deactivate access for any strange URLs in their Phantom wallets.
The exact origin of the assault is unknown, however industry luminaries such as Emin Gün Sirer, inventor of another prominent blockchain Avalanche, pointed out that the transactions were correctly signed, implying that the vulnerability might be a “supply chain attack” that steals users’ private keys. @0xfoobar went on to say that “it’s probable something has caused widespread private key breach,” and that cancelling wallet approvals is unlikely to help.
Solana spokesperson Chris Kraeuter declined to respond to our questions, but referred us to the company’s Status Twitter account, which states that engineers “are currently working with multiple security researchers and ecosystem teams to identify the root cause of the exploit, which is unknown at this time.”
The Solana assault comes just hours after criminal actors stole about $200 million in digital assets from the cross-chain messaging system Nomad via a “chaotic” security flaw. The “free-for-all” assault, which saw more than 41 addresses drain $152 million — or 80% of the stolen assets — was enabled by a recent upgrade to one of Nomad’s smart contracts, which made it simple for users to impersonate transactions.
For the latest Sci-Tech News Follow EPOST on Google News