On 3rd Aug, the Solana network suffered an attack that drained more than 8,000 wallets. As a result of the hack, SOL, the native token of the Solana network, fell by ~4%.
According to several users, funds in well-known internet-connected “hot” wallets like Phantom, Slope, and TrustWallet have been siphoned off without their knowledge, making the Solana ecosystem the target of cryptocurrency’s most recent hack.
As mentioned, the attack has affected only ‘hot wallets’, and the targeted wallets were inactive for less than six months.
The attacker’s wallets accumulated SOL, SPL, and other Solana-based tokens worth at least $5 million from unwary users.
The precise reason for Tuesday’s attack, which primarily affected mobile wallet users, remained unknown.
Wallets of the supposed attacker under Scanner
Address 1: Htp9MGP8Tig923ZFY7Qf2zzbMUmYneFRAhSp7vSg4wxV
Address 2: CEzN7mqP9xoxn2HdyW6fjEJ73t7qaX9Rp2zyS6hb3iEu
Address 3: 5WwBYgQG6BdErM2nNNyUmQXfcUnB68b6kesxBywh1J3n
Address 4: GeEccGJ9BEzVbVor1njkBCCiqXJbXVeDHaXDCrBDbmuy
The severity of the attack is evident from the fact that it is still unfolding at the time of writing. Wallet holders can do little except watch their wallets drain.
Initially, it appeared that the attack was limited to Phantom wallets and the well-known Solana NFT marketplace Magic Eden. Magic Eden warned users on Twitter, saying: “There seems to be a widespread SOL exploit at play that’s draining wallets throughout the ecosystem.” It also asked users to revoke permissions for suspicious links as a precautionary measure.
Phantom also said, “We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem,” in a tweet. “At this time, the team does not believe this is a Phantom-specific issue. We will issue an update once we gather more information.”
But it soon became clear that the exploit was not limited to SOL and Phantom wallets. Several users reported that their USDC holdings had been drained. Other reports revealed that wallets such as Slope, Solflare, and TrustWallet were also targeted.
Theories Behind the Attack
Although the exact cause of the attack is unclear, according to various users, the following are the probable causes behind the ongoing hack:
The most quoted one: “Supply-chain Attack”
A supply chain attack, also known as a ‘value-chain or third-party attack’, occurs when someone tries to get into your system through an outside partner in order to access your system’s data.
Several industry leaders, including Emin Gün Sirer, founder of Avalanche blockchain, said that the transactions were properly signed, pointing towards a ‘supply chain attack’ through which users’ private keys were compromised.
While the recent Solana hack is believed to be a supply chain attack, some users think that if it were, the scale of the hack would have been greater than just 8,000 compromised wallets.
The Solana blockchain observed that hardware wallets were not affected. Based on the available information, Solana Labs communications lead Austin Federa said that “a potential supply chain attack” could be to blame.
Any Previous Supply Chain Attack in Crypto?
The MISO launchpad of Sushiswap previously suffered a supply chain attack. The attacker changed a smart contract address to one they controlled, which resulted in $3M worth of Ethereum being drained.
The Shadows on Solana
The Solana attack occurred after a security exploit in the cross-chain messaging protocol Nomad that siphoned off ~$200M.
This isn’t the first time a Solana-related hack has been discovered. But despite the multiple downturns, the network usage graph continues to trend up.