Solana Wallets Targeted in the Most Recent Multimillion Dollar Hack
The Solana
smart contract project is suffering from issues once again after it was
discovered that close to 8,000 Solana-based wallets were targeted in the latest
multimillion-dollar hack. Solana is asking victimized wallet owners to complete
a survey, and the team stressed that "engineers are investigating the root
cause."
Solana Looks into Massive Wallet Exploit
After the
chain has halted on a few occasions in the past, Solana users are now dealing
with an extensive wallet vulnerability that affects specific wallet software
such as Phantom and Slope. Solana developers and victims discovered the exploit
on Tuesday evening, and the hacker’s method of attack is currently
unknown.
The
blockchain security firm Peckshield noted that it’s possible the
exploit stemmed from a supply chain attack. Solana Labs co-founder and CEO
Anatoly Yakovenko also stated that the exploit was likely from a supply
chain attack.
"Seems
like an iOS supply chain attack. Multiple plausible wallets that only received
SOL and had no interactions beyond receiving have been affected,"
Yakovenko wrote. "Android seems to be affected as well. All the
confirmed cases so far have had the key imported or generated on mobile. Most
of the reports are Slope, but a few Phantom users as well," the Solana
Labs CEO added.
Presently, the amount of stolen funds from the hack is also unknown, as the security firm Anchain estimated the hack to be around USD 5 million, and Peckshield’s estimate was around USD 8 million. The Solana Status Twitter account has updated the turn of events and what the Solana team has discovered so far.
"Engineers
from multiple ecosystems, with the help of several security firms, are
investigating drained wallets on Solana. There is no evidence hardware wallets
are impacted," the team said.
The Solana
team also left a survey for victims that asks several specific
questions, like what address was affected by the exploit and what type of
wallet the user leveraged. Victims need to provide details of their transaction
when they downloaded the wallet and if the wallet was an iOS version, Android
version, Windows, Mac, or browser version.
An important
question asks victims if they generated a 'seed phrase' from within the
compromised wallet, and the survey wants to know where and when the seed phrase
was created. The seed phrase question is "required," according to the
Solana hack survey hosted on the Solana Foundation’s website.
Solana’s
recent wallet exploit follows the blockchain’s issues with block production
in September 2021 and June 2022. Between those two dates,
Solana’s network had to stop block production a total of eight times.
The hack has damaged Solana’s (SOL) market gains, and out of the top ten
crypto assets, SOL is the only token down in value against the U.S. dollar on
Wednesday. SOL is now ranked ninth as well when it used to be a
top-five contender in the crypto economy a few months ago.
"It is
not yet clear at this time whether the attackers exploited a vulnerability in
the Phantom wallet or some other hidden weakness in the broader Solana
ecosystem," Mikkel Mørch, the Executive Director at the Digital Asset Investment Fund ARK36, told the media on Wednesday. "But the hack will
cast a shadow over Solana’s credibility as a better alternative to Ethereum –
especially when it comes to security. It may even give Ethereum some additional
boost from the narrative perspective as the safest and most reliable defi
ecosystem," Mørch added.
0 Comments