The fast and cheap crypto ecosystem Solana was exploited on August 2nd, with more than 8,000 digital hot wallets drained of over $5.2 million, according to blockchain analytics firm Elliptic.
Stolen funds include the blockchain’s native $SOL token, the $USDC token (stablecoin), a small number of NFTs and roughly 300 other small Solana-based tokens.
This does not appear to be a bug with Solana core code, but in software used by several software wallets popular among users of the network.
Updates will be posted to https://t.co/ivyoIbdCDP as they become available. 2/2
— Solana Status (@SolanaStatus) August 3, 2022
According to the blockchain’s official Twitter status page, the exploit hasn’t necessarily affected the blockchain but, rather, hot wallets connected to the internet, like Phantom wallet, Trust Wallet and Slope on both mobile and web extensions. “This does not appear to be a bug with Solana core code, but in software used by several software wallets popular among users of the network,” reads the tweet.
The blockchain also suggests that only hot wallets were compromised, whereas hardware wallets or wallets on tier 1 exchanges were unaffected. While the root cause of the exploit still hasn’t been deduced, many, including Solana co-founder Anatoly Yakovenko, are pointing to an iOS supply chain attack.
The hacker used private keys to drain user funds, in what has been one of the craziest and most mysterious hacks in recent times.
🧵: Everything you need to know about the $SOL exploit. 👇
— Miles Deutscher (@milesdeutscher) August 3, 2022
“Wallets drained should be treated as compromised, and abandoned,” said the blockchain, which is like saying that those funds are now lost, and users won’t likely get them back.
The exploit comes only a day after Nomad blockchain’s swap bridge was exploited for more than $200 million.