The cryptocurrency ecosystem has been rocked by a widespread exploit targeting Solana wallets that has been ongoing since Wednesday. Phantom and Slope, two Solana-based wallet services, initially flagged the attack on their social media platforms, alongside a host of cryptocurrency influencers, blockchain analytics and security firms, and victims of the hack as it continued to unfold.
A handful of commentators noted that attackers had gained access to user private keys, as transactions were signed on the chain legitimately. Ava Labs CEO and founder Emin Gun Sirer estimated that more than 7,000 wallets had been affected, a number cited by various other individuals and firms online.
As investigations begin to unpack the root cause that allowed an attacker to pillage thousands of wallets, affected users are being warned not to accept help from individuals online purporting to have solutions to the hack. Heidi Chakos, the host of the YouTube channel Crypto Tips, stressed that scammers would be looking to exploit the ongoing situation.
DON’T interact with ANYONE who reaches out to you with a solution to this SOLANA hack. They are scammers
— Heidi (@blockchainchick) August 3, 2022
Solana Status has been providing updates since the exploit began and noted that 7,767 wallets had been affected at 5:00 am UTC on Wednesday. Several wallets were affected across mobile and browser extensions.
There’s no evidence hardware wallets have been impacted – and users are strongly encouraged to use hardware wallets.
Do not reuse your seed phrase on a hardware wallet - create a new seed phrase.
Wallets drained should be treated as compromised, and abandoned.
— Solana Status (@SolanaStatus) August 3, 2022
Solana stressed that users should move funds to cold storage and create new seed phrases, while the owners of the 8,000 drained wallets were told that these should “be treated as compromised, and abandoned.”
A spokesperson from Solana told Cointelegraph that engineers from several ecosystems as well as audit and security firms were continuing to explore the root cause that saw affected wallets drained.
"This does not appear to be a bug with Solana core code, but in software used by several wallets popular among Solana users."
Users affected by the exploit are being asked to provide their compromised wallet addresses to the Solana Foundation to assist in the investigation.
Solana co-founder Anatoly Yakovenko gave the latest update from the Solana team on his Twitter account, highlighting what other blockchain analysts had speculated was a supply chain attack that allowed the hackers to gain access to private keys.
Seems like an iOS supply chain attack. Multiple plausible wallets that only received sol and had no interactions beyond receiving have been affected. https://t.co/ne0g3ZmLH5
As well as keys that were imported into iOS, and generated externally. https://t.co/hStAr1mU6Q
— SMS T◎ly, (@aeyakovenko) August 3, 2022
Yakovenko said preliminary investigations showed that wallets that had only ever received Solana (SOL) and had no interactions beyond receiving had been affected. The exploit affected both iOS and Android devices, and all the affected wallets had their private keys imported or generated on mobile.
Cointelegraph has reached out to Solana for an updated figure of the number of wallets affected by the exploit. It is also unclear whether affected wallets will see funds recouped or refunded after the incident. Data from Dune Analytics currently lists 7,941 wallets that have been affected by the exploit.
Solana wallet platform Solflare told Cointelegraph that it had not suffered any loss of funds and that it was working with other wallet providers to provide support toward a solution.
The uniform message to SOL holders from the wider cryptocurrency ecosystem is to move funds to cold storage or centralized exchanges and to revoke permissions from trusted apps in wallet settings. Solflare also warned that users with mnemonic seed phrases originating from other wallets were at risk of being exposed.