Blog

Ethereum Killer “Solana” Suffers an Ongoing Attack Over 8k+ Wallets Drained

Table of Contents

Read Time: 4 minutes

The Solana Network, on the 3rd Aug, suffered an attack which drained more than 8,000 wallets. As an outcome of this hack, the SOL, the native token of the Solana network, fell by ~4%. 

Source: CoinMarketCap

According to several users, cash from well-known internet-connected “hot” wallets like Phantom, Slope, and TrustWallet have been syphoned off without their knowledge, making the Solana ecosystem the target of cryptocurrency’s most recent hack.

As we mentioned, the attack has only affected the ‘hot wallets’, and the targeted wallets were inactive for less than six months.

The wallets accumulated SOL, SPL, and other Solana-based tokens worth at least $5 million from unwary users.

The precise reason for Tuesday’s attack, which primarily affected mobile wallet users, remained unknown.

Wallets of the supposed attacker under Scanner

Address 1: Htp9MGP8Tig923ZFY7Qf2zzbMUmYneFRAhSp7vSg4wxV

Address 2: CEzN7mqP9xoxn2HdyW6fjEJ73t7qaX9Rp2zyS6hb3iEu

Address 3: 5WwBYgQG6BdErM2nNNyUmQXfcUnB68b6kesxBywh1J3n 

Address 4: GeEccGJ9BEzVbVor1njkBCCiqXJbXVeDHaXDCrBDbmuy

The severeness of the attack can be observed from the fact that the attack is still unfolding at the time of writing. And the wallet holders can barely do anything except see their wallets draining off. 

Initially, it resembled that the attack was limited to Phantom wallets and well-known Solana NFT marketplace Magic Eden. Magic Eden’s warned users on Twitter, saying- “There seems to be a widespread SOL exploit at play that’s draining wallets throughout the ecosystem.” It also asked users to abort permissions for suspicious links as a precautionary measure. 

Phantom also said– “We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem,” in a tweet. “At this time, the team does not believe this is a Phantom-specific issue. We will issue an update once we gather more information.”

But soon, it was clear that the exploit was not limited to SOL and Phantom wallets. Several users have reported their USDC holdings were drained off. Other reports revealed that wallets such as Slope, Solflare, and TrustWallet were also targeted. 

Theories Behind the Attack

Although the exact cause behind the attack is unclear, according to various users, the following are the probable causes behind the ongoing hack;

The most quoted one: “Supply-chain Attack”

A Supply chain attack is also known as a ‘value-chain or third-party attack.’ It occurs when someone tries to invade your system via an outside partner to access your system’s data. 

Several industry leaders, including Emin Gün Sirer, founder of Avalanche blockchain, said that the transactions were properly signed, pointing towards a ‘supply chain attack’ through which users’ private keys were compromised. 

On the one hand, where the recent Solana hack is believed to be a supply chain attack, on the other hand, some users think if it were so, the magnitude of the hack would have been more than just 8,000 wallets compromised. 

The Solana blockchain observed that hardware wallets were not affected. Based on the available information, Solana Labs communications lead Austin Federa said that “a potential supply chain attack” could be to blame.

Any Previous Supply Chain Attack in Crypto?

The MISO launchpad of Sushiswap had suffered a supply chain attack previously. The attacker changed a smart contract address to the one controlled by them, which resulted in their $3M worth of Ethereum being drained. 

The Shadows on Solana 

The Solana attack occurred after a security exploits in the cross-chain messaging protocol Nomad that siphoned off ~$200M. 

In context to Solana, this isn’t the first time a Solana-related hack was discovered. But despite the multiple downturns, the network usage graph continues to trend up.

1,757 Views

Related Articles

View All

Leave a Comment

Your email address will not be published.

Trending

We need smart contracts audit to:

↗Identify bugs🐞
↗Enhance smart contract’s performance
↗Code optimisation
↗Contract’s performance validation
↗Provide credibility and instil trust among the people
..

The list is long, and it’s absolutely why we need #smartcontract audits.

ÐApps—

According to the reports by @DappRadar,

“The number of users engaging in decentralised applications is growing by 396% yearly, with now 2.4 million.”

Gaming DApps account for over 50% of the user activity in Q1 of 2022.

↓↓

#Web3 | #Ethereum

📌 Why do smart contracts in blockchain needs audit?

↓↓
🧵👇

The need for a smart contract audit can not be stressed enough.

The unbelievable traction of the #DeFi world has resulted in attracting the interest of people with malicious intentions.

#ETH | #cryptocurrency

Load More

Over 300 NFTs Stolen, One of 2022’s Biggest Breach🚨

The Twitter account of Korean NFT artist DeeKay Kwon was compromised and exploited in a phishing scam. As a result, his supporters lost NFT worth nearly $150,000.

Become a Quiffiliate!
Join our mission to safeguard web3

Sounds Interesting, Right? All you have to do is:

1

Refer QuillAudits to Web3 projects for audits.

2

Earn rewards as we conclude the audits.

3

Thereby help us Secure web3 ecosystem.

Total Rewards Shared Out: $150K+