Solana Wallets Targeted in the Most Recent Multimillion Dollar Hack

Solana Wallets Targeted in the Most Recent Multimillion Dollar Hack

The Solana smart contract project is suffering from issues once again after it was discovered that close to 8,000 Solana-based wallets were targeted in the latest multimillion-dollar hack. Solana is asking victimized wallet owners to complete a survey, and the team stressed that "engineers are investigating the root cause."

Solana Looks into Massive Wallet Exploit

After the chain has halted on a few occasions in the past, Solana users are now dealing with an extensive wallet vulnerability that affects specific wallet software such as Phantom and Slope. Solana developers and victims discovered the exploit on Tuesday evening, and the hacker’s method of attack is currently unknown.

The blockchain security firm Peckshield noted that it’s possible the exploit stemmed from a supply chain attack. Solana Labs co-founder and CEO Anatoly Yakovenko also stated that the exploit was likely from a supply chain attack.

"Seems like an iOS supply chain attack. Multiple plausible wallets that only received SOL and had no interactions beyond receiving have been affected," Yakovenko wrote. "Android seems to be affected as well. All the confirmed cases so far have had the key imported or generated on mobile. Most of the reports are Slope, but a few Phantom users as well," the Solana Labs CEO added.

Presently, the amount of stolen funds from the hack is also unknown, as the security firm Anchain estimated the hack to be around USD 5 million, and Peckshield’s estimate was around USD 8 million. The Solana Status Twitter account has updated the turn of events and what the Solana team has discovered so far.

"Engineers from multiple ecosystems, with the help of several security firms, are investigating drained wallets on Solana. There is no evidence hardware wallets are impacted," the team said.

The Solana team also left a survey for victims that asks several specific questions, like what address was affected by the exploit and what type of wallet the user leveraged. Victims need to provide details of their transaction when they downloaded the wallet and if the wallet was an iOS version, Android version, Windows, Mac, or browser version.

An important question asks victims if they generated a 'seed phrase' from within the compromised wallet, and the survey wants to know where and when the seed phrase was created. The seed phrase question is "required," according to the Solana hack survey hosted on the Solana Foundation’s website.

Solana’s recent wallet exploit follows the blockchain’s issues with block production in September 2021 and June 2022. Between those two dates, Solana’s network had to stop block production a total of eight times.

The hack has damaged Solana’s (SOL) market gains, and out of the top ten crypto assets, SOL is the only token down in value against the U.S. dollar on Wednesday. SOL is now ranked ninth as well when it used to be a top-five contender in the crypto economy a few months ago.

"It is not yet clear at this time whether the attackers exploited a vulnerability in the Phantom wallet or some other hidden weakness in the broader Solana ecosystem," Mikkel Mørch, the Executive Director at the Digital Asset Investment Fund ARK36, told the media on Wednesday. "But the hack will cast a shadow over Solana’s credibility as a better alternative to Ethereum – especially when it comes to security. It may even give Ethereum some additional boost from the narrative perspective as the safest and most reliable defi ecosystem," Mørch added.