Monday 15 August 2022
Home / none / Ongoing Solana-based wallet hack seeing millions drained

Ongoing Solana-based wallet hack seeing millions drained

An ongoing, widespread hack has seen as much as $8 million in funds drained so far across a number of Solana-based hot wallets.

At the time of writing, Solana (SOL) is currently trending on Twitter as countless users are either reporting on the hack as it unfolds, or are reporting to have lost funds themselves, warning anyone with Solana-based hot wallets such as Phantom and Slope wallets to move their funds into cold wallets.

Blockchain investigator PeckShield on August 2 said the widespread hack is likely due to a "supply chain issue" which has been exploited to steal user private keys behind affected wallets. It said the estimated loss so far is around $8 million.

Solana-based wallets providers including Phantom and Slope, and non-fungible token (NFT) marketplace Magic Eden are among those that have commented on the issue, with wallet provider Phantom noting that it is working with other teams to get to the bottom of the issue, although it says it does not “believe this is a Phantom-specific issue” at this stage.

Magic Eden confirmed the reports earlier in the day by stating that “seems to be a widespread SOL exploit at play that's draining wallets throughout the ecosystem” as it called on users to revoke permissions for any suspicious links in their Phantom wallets.

Slope said it is currently working with Solana Labs and other Solana-based protocols to pinpoint the issue and rectify it, though there were "no major breakthroughs yet."

Twitter user @nftpeasant said as much as $6 million worth of funds were siphoned from Phantom wallets during a 10-minute period on August 2. In one instance it appears a Phantom wallet user had $500,000 worth of USDC drained from their account.

Popular scam detective and self-described “on-chain sleuth” @zachxbt also did some digging and revealed to their 274,800 followers that the hackers initially funded the primary wallet associated with this attack via Binance seven months ago.

Related: Solana-based stablecoin NIRV drops 85% following $3.5M exploit

The transaction history shows that the wallet remained dormant until today before the hackers conducted transactions with four different wallets 10 minutes before the attack started.

There have also been different reports on how many wallets have been affected and the extent of the damage so far.

Crypto tracking and compliance platform Mist Track stated via Twitter that as many as 8,000 wallets have been hacked, with $580 million sent to four addresses, however, commentators on the post are skeptical about the number.

Meanwhile, Ava Labs CEO and founder Emin Gun Sirer stated that the number was at 7,000 plus wallets, a number which is rising at around 20 per minute. He said he believes that as the transactions appear to be signed properly, "it is likely that the attacker has acquired access to private keys."

Cointelegraph has reached out to Phantom for comment on the matter and will update the story if the firm responds.

Original Article

About Jude Savage

Check Also

NFT games have edge over ‘money in, no money out’ games: Polygon’s Urvit Goel

Polygon’s vice president of global business development for gaming, Urvit Goel, believes games that integrate nonfungible tokens (NFTs) have a natural edge on traditional games that don’t allow users to sell their in-game items. Goel spoke candidly with Cointelegraph in Seoul last week about Polygon’s push toward helping NFT games proliferate and why game publishers in South Korea like Neowiz and Nexon are diving headfirst into the space. One of the main arguments Goel made is that the traditional business model that NFT games are competing against may be inherently weaker. In traditional gaming, users typically buy in-game items with real money, but they cannot sell those items to get back any United States dollar value. However, with most games in the gaming finance (GameFi) space, users can buy items as nonfungible tokens and sell them when they are done playing the game. Goel referred to the traditional model as “money in, no money out,” and emphasized that gamers should be able to..

Leave a Reply

Your email address will not be published. Required fields are marked *