A widespread hack has seen as much as $8 million in funds drained across a number of Solana-based hot wallets.
On Aug. 2, Solana trended on Twitter as countless users were either reporting on the hack as it unfolded or reporting to have lost funds themselves, warning anyone with Solana-based hot wallets to move their funds into cold wallets.
The exploit was later reported to be connected to Slope mobile wallet applications, with no evidence that the Solana protocol or its cryptography was compromised.
After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. 1/2— Solana Status (@SolanaStatus) August 3, 2022
Blockchain investigator PeckShield on August 2 said the widespread hack is likely due to a "supply chain issue" which has been exploited to steal user private keys behind affected wallets. It said the estimated loss so far is around $8 million.
#PeckShieldAlert The widespread hack on Solana wallets is likely due to the supply chain issue exploited to steal/uncover user private keys behind affects wallets. So far, the loss is estimated to be $8M, excluding one illiquid shitcoin (only has 30 holds & maybe misvalued $570M) pic.twitter.com/aTGNsTc6d8— PeckShieldAlert (@PeckShieldAlert) August 3, 2022
Solana-based wallets providers including Phantom and Slope, and nonfungible token (NFT) marketplace Magic Eden are among those that commented on the issue shortly after the attack came to light. Wallet provider Phantom noted that it is working with other teams to get to the bottom of the issue, adding at the time that it did not “believe this is a Phantom-specific issue."
Magic Eden confirmed the reports earlier in the day by stating that “seems to be a widespread SOL exploit at play that’s draining wallets throughout the ecosystem." Slope said it was working with Solana Labs and other Solana-based protocols to pinpoint the issue and rectify it. The next day, it released a letter confirming that a "cohort of Slope wallets were compromised in the breach."
Slope said it is currently working with Solana Labs and other Solana-based protocols to pinpoint the issue and rectify it, though there were "no major breakthroughs yet."
Still war-rooming through it. No major breakthroughs yet. Will follow up as soon as possible with any major conclusions and/or recommended practices.— Slope (@slope_finance) August 3, 2022
Twitter user @nftpeasant said as much as $6 million worth of funds were siphoned from Phantom wallets during a 10-minute period on August 2. In one instance it appears a Phantom wallet user had $500,000 worth of USDC drained from their account.
???!!! https://t.co/sBDgxqGyaw— Matthew Graham (@mattysino) August 2, 2022
Popular scam detective and self-described “on-chain sleuth” @zachxbt also did some digging and revealed to their 274,800 followers that the hackers initially funded the primary wallet associated with this attack via Binance seven months ago.
Related: Solana-based stablecoin NIRV drops 85% following $3.5M exploit
The transaction history shows that the wallet remained dormant until today before the hackers conducted transactions with four different wallets 10 minutes before the attack started.
Scammers wallet funded via Binance 7 months agohttps://t.co/5gQbObcsg4 https://t.co/sco5SPBrne pic.twitter.com/AL6Hm4F3R3— ZachXBT (@zachxbt) August 3, 2022
There have also been different reports on how many wallets have been affected and the extent of the damage so far.
Crypto tracking and compliance platform Mist Track stated via Twitter that as many as 8,000 wallets have been hacked, with $580 million sent to four addresses, however, commentators on the post are skeptical about the number.
Meanwhile, Ava Labs CEO and founder Emin Gun Sirer stated that the number was at 7,000 plus wallets, a number which is rising at around 20 per minute. He said he believes that as the transactions appear to be signed properly, "it is likely that the attacker has acquired access to private keys."
There's an ongoing attack targeting the Solana ecosystem right now. 7000+ wallets affected, and rising at 20/min. Because it's very early and the attack is ongoing, there's a lot of misinformation and speculation. So here are a few thoughts and clarifications.— Emin Gün Sirer (@el33th4xor) August 3, 2022
Update: Added commentary which has connected Slope mobile wallets to the exploit.