With Solana hitting the headlines for succumbing to a hack on Wednesday, prominent crypto CEOs — including Binance’s Changpeng “CZ” Zhao, KuCoin’s Johnny Lyu and OKX’s Jay Hao — recommended that Solana (SOL) investors move their holdings over to their own exchanges as an immediate security measure.
Numerous blockchain investigators and crypto investors flagged an alleged widespread private key compromise, allowing the attacker to steal native SOL tokens and Solana-compatible SPL tokens such as USD Coin (USDC) from Phantom and Slope wallets. However, the root cause of the attack remains a mystery as all parties, including Solana and Phantom, denied faults at their ends. Phantom’s official stance on the matter shared with Cointelegraph:
“We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem. At this time, the team does not believe this is a Phantom-specific issue.”
Parallel to the ongoing investigations of the Solana fiasco, CZ warned investors of “an active security incident on Solana” that drained funds in SOL and USD Coin (USDC) off over 7000 wallets. His recommendation to unhacked investors was to transfer their assets to a cold wallet or Binance.
Lyu gave a similar assurance to KuCoin users as he confirmed that all SOL assets were not impacted by the hack; as he said:
“We’re in close contact with the Solana team and have blocked the suspicious addresses as requested.”
Hao, however, echoed CZ’s recommendation as he advised investors to move their assets to OKX to protect themselves from the hack.
Given the uncertainty behind the hacker’s potential and reach, other crypto exchanges such as Bybit have proactively suspended all deposits and withdrawal of assets on the Solana blockchain.
A hack that passed a malicious governance proposal resulted in the transfer of tokens worth $6.1 million, with the hacker making away with $1 million.
Speaking to Cointelegraph, Audius co-founder and CEO Roneil Rumburg clarified that no members of the community were involved in the passing of the malicious proposal:
“This was an exploit — not a proposal proposed or passed through any legitimate means — it just happened to use the governance system as the entry point for the attack.”
Blockchain investigator Peckshield later narrowed down the fault to Audius’ storage layout inconsistencies.