Ethereum Killer “Solana” Suffers an Ongoing Attack: 8k+ Wallets Drained

On the 3rd Aug, the Solana network suffered an attack that drained more than 8,000 wallets. As a result of this hack, SOL, the native token of the Solana network, fell by ~4%.

Source: CoinMarketCap

According to several users, funds in well-known internet-connected “hot” wallets such as Phantom, Slope, and TrustWallet have been siphoned off without their knowledge, making the Solana ecosystem the target of cryptocurrency’s most recent hack.

As we mentioned, the attack has only affected ‘hot wallets’, and the targeted wallets were inactive for less than six months.

The wallets accumulated SOL, SPL, and other Solana-based tokens worth at least $5 million from unwary users.

The precise reason for Tuesday’s attack, which primarily affected mobile wallet users, remained unknown.

Wallets of the Supposed Attacker Under the Scanner

Address 1: Htp9MGP8Tig923ZFY7Qf2zzbMUmYneFRAhSp7vSg4wxV

Address 2: CEzN7mqP9xoxn2HdyW6fjEJ73t7qaX9Rp2zyS6hb3iEu

Address 3: 5WwBYgQG6BdErM2nNNyUmQXfcUnB68b6kesxBywh1J3n 

Address 4: GeEccGJ9BEzVbVor1njkBCCiqXJbXVeDHaXDCrBDbmuy
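A defender-side triage sketch for the four addresses listed above, added here as an example and not part of the original article: it checks that each transfer destination is a well-formed 32-byte base58 Solana address and totals outgoing transfers to the listed addresses per source wallet. The transfer records, wallet labels and amounts are constructed sample data, and the record layout is an assumption.

```python
from collections import defaultdict

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

FLAGGED = [  # the four addresses listed in the article
    "Htp9MGP8Tig923ZFY7Qf2zzbMUmYneFRAhSp7vSg4wxV",
    "CEzN7mqP9xoxn2HdyW6fjEJ73t7qaX9Rp2zyS6hb3iEu",
    "5WwBYgQG6BdErM2nNNyUmQXfcUnB68b6kesxBywh1J3n",
    "GeEccGJ9BEzVbVor1njkBCCiqXJbXVeDHaXDCrBDbmuy",
]

def b58decode(text):
    """Decode base58 (Bitcoin alphabet, as used by Solana); ValueError on bad chars."""
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)
    pad = len(text) - len(text.lstrip("1"))   # each leading '1' is a zero byte
    return b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")

def pubkey_bytes(address):
    """Return the 32-byte public key, or None if the string is not a valid address."""
    try:
        raw = b58decode(address)
    except ValueError:
        return None
    return raw if len(raw) == 32 else None

def triage(transfers, flagged=FLAGGED):
    """Total outgoing amounts to flagged addresses per (source, token)."""
    watch = {pubkey_bytes(a) for a in flagged} - {None}
    hits, malformed = defaultdict(float), []
    for t in transfers:
        key = pubkey_bytes(t["to"])
        if key is None:
            malformed.append(t)        # keep for manual review, never silently drop
        elif key in watch:
            hits[(t["from"], t["token"])] += t["amount"]
    return dict(hits), malformed

# Constructed sample export: wallet labels and amounts are illustrative only.
SAMPLE = [
    {"from": "wallet-A", "to": FLAGGED[0], "token": "SOL", "amount": 12.5},
    {"from": "wallet-A", "to": FLAGGED[2], "token": "USDC", "amount": 300.0},
    {"from": "wallet-B", "to": FLAGGED[0][:-1] + "W", "token": "SOL", "amount": 1.0},
    {"from": "wallet-B", "to": "0" + FLAGGED[1][1:], "token": "SOL", "amount": 2.0},
    {"from": "wallet-A", "to": FLAGGED[0], "token": "SOL", "amount": 0.5},
]

print(triage(SAMPLE))
```

The third sample row differs from a listed address by one character and is correctly ignored; the fourth contains a character outside the base58 alphabet and is returned for manual review.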

The severity of the attack can be seen from the fact that it is still unfolding at the time of writing, and wallet holders can do little except watch their wallets being drained.

Initially, it appeared that the attack was limited to Phantom wallets and the well-known Solana NFT marketplace Magic Eden. Magic Eden warned users on Twitter, saying, “There seems to be a widespread SOL exploit at play that’s draining wallets throughout the ecosystem.” It also asked users to revoke permissions for suspicious links as a precautionary measure.

Phantom also said in a tweet: “We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem. At this time, the team does not believe this is a Phantom-specific issue. We will issue an update once we gather more information.”

But soon, it was clear that the exploit was not limited to SOL and Phantom wallets. Several users have reported their USDC holdings were drained off. Other reports revealed that wallets such as Slope, Solflare, and TrustWallet were also targeted. 

Theories Behind the Attack

Although the exact cause of the attack is unclear, according to various users, the following are the probable causes behind the ongoing hack:

The most quoted one: “Supply-chain Attack”

A supply chain attack is also known as a ‘value-chain or third-party attack.’ It occurs when someone infiltrates your system through an outside partner in order to access your system’s data.

Several industry leaders, including Emin Gün Sirer, founder of Avalanche blockchain, said that the transactions were properly signed, pointing towards a ‘supply chain attack’ through which users’ private keys were compromised. 

While the recent Solana hack is believed to be a supply chain attack, some users think that if it were, the magnitude of the hack would have been greater than just 8,000 compromised wallets.

The Solana blockchain observed that hardware wallets were not affected. Based on the available information, Solana Labs communications lead Austin Federa said that “a potential supply chain attack” could be to blame.

Any Previous Supply Chain Attack in Crypto?

The MISO launchpad of Sushiswap previously suffered a supply chain attack. The attacker changed a smart contract address to one they controlled, which resulted in $3M worth of Ethereum being drained.

The Shadows on Solana 

The Solana attack occurred after a security exploit in the cross-chain messaging protocol Nomad that siphoned off ~$200M.

As for Solana, this isn’t the first time a Solana-related hack has been discovered. But despite the multiple downturns, the network usage graph continues to trend up.
