August 3, 2022

Solana network hacked


Update: After an investigation by a team of experts, it emerged that the addresses affected by the attack had at some point been created, imported or used in the Slope mobile app. Details of what happened are still being investigated.

Strange activity began on the Solana blockchain on Wednesday, August 3, 2022: cryptocurrency is being stolen from users directly from their wallets. So far, more than 8,000 Solana wallets, including Phantom, Slope and Trust Wallet, are known to have had assets stolen.

The attack appears to be predominantly affecting mobile wallets. Users report that they were minding their own business when they saw a push notification from their mobile wallet about sending all SOL to another address.

The cumulative loss is $580 million, but this includes some illiquid shitcoins, which account for $575.5 million, so the real amount stolen is around $4.5 million.

At present, the cause of the attack remains unknown. Binance chief executive Changpeng Zhao said that it may have to do with previously granted app permissions. To be safe, he recommends sending funds to a cold wallet or a centralized exchange such as Binance.

According to NFT marketplace Magic Eden, there is a possibility of a widespread exploit. Users are advised to withdraw all permissions from any suspicious sites. Gaming firm Star Atlas has also recommended withdrawing permissions for all applications in its wallets and moving funds to cold storage.

Ava Labs founder Emin Gun Sirer said a “chain of custody attack” is possible, a situation where a JS library is hacked and users' private keys are stolen from there. According to reports online, wallets that were created within the last 9 months are affected. There are also reports of recently created wallets being affected. But the most affected are wallets that have been inactive for more than 6 months.

Solana Labs spokesman Austin Federa said the ongoing investigation has revealed that Solana's blockchain itself was not to blame for the attack.

Analysts from several ecosystems, with input from experts from security firms, are investigating the attacked wallets on Solana. There is no evidence that hardware wallets were affected, he said.

The Phantom wallet team, too, said it was working with other experts to find out the cause of the problem. According to them, the wallet is also not to blame for the attack.

Many nodes in the Solana network have stopped working due to the load. The blockchain itself is not affected, but a wallet or a blockchain explorer may not load right now.

Emily Rose