The Solana smart contract project is suffering from issues once again after it was discovered that close to 8,000 Solana-based wallets have been compromised. Solana is asking victimized wallet owners to complete a survey and the team stressed that “engineers are investigating the root cause.”
Solana Investigates Massive Wallet Exploit, Root Cause of the Hack Is Still Unknown
After the chain had halted on a few occasions in the past, Solana users are now dealing with an extensive wallet vulnerability that affected specific wallet software such as Phantom and Slope. Solana developers and victims discovered the exploit on Tuesday evening (EST) and the hacker’s method of attack is currently unknown.
The blockchain security firm Peckshield noted that it’s possible the exploit stemmed from a supply chain attack. Solana Labs co-founder and CEO Anatoly Yakovenko also stated that the exploit likely derived from a supply chain attack.
“Seems like an iOS supply chain attack. Multiple plausible wallets that only received sol and had no interactions beyond receiving have been affected,” Yakovenko wrote. “Android seems to be affected as well. All the confirmed stories so far have had the key imported or generated on mobile. Most of the reports are Slope, but a few Phantom users as well,” the Solana Labs CEO added.
Solana is suffering an exploit, which has drained millions from multiple wallets.
Cause of SOL exploit is still unknown. pic.twitter.com/uvoUO8yNlO
— Hector Lopez (@hlopez_) August 3, 2022
Presently, the amount of stolen funds from the hack is also unknown, as the security firm Anchain estimated the hack to be around $5 million, and Peckshield’s estimate was around $8 million. The Solana Status Twitter account explained what the Solana team had discovered so far.
“Engineers from multiple ecosystems, with the help of several security firms, are investigating drained wallets on Solana. There is no evidence hardware wallets are impacted,” the team said.
The Solana team also left a survey for victims that asks a number of specific questions like what address was affected by the exploit and what type of wallet the user leveraged. Victims need to detail exactly when they downloaded the wallet and if the wallet was an iOS version, Android version, or Windows, Mac, or browser version.
One question asks victims if they generated a seed phrase from within the compromised wallet and the survey wants to know where and when the seed phrase was created. The seed phrase question is “required,” according to the Solana hack survey hosted on the Solana Foundation’s website.
Solana’s recent wallet exploit follows the blockchain’s issues with block production in September 2021 and June 2022. Between those two dates, Solana’s network had to stop block production a total of eight times.
The exploit this week has damaged solana’s (SOL) market gains and out of the top ten crypto assets, SOL is the only token down in value against the U.S. dollar on Wednesday. SOL is now in the ninth position as well, when it used to be a top-five contender in the crypto economy a few months ago.
“It is not yet clear at this time whether the attackers exploited a vulnerability in the Phantom wallet or some other hidden weakness in the broader Solana ecosystem,” Mikkel Mørch, the executive director at the digital asset investment fund ARK36 told Bitcoin.com News on Wednesday. “But the hack will definitely cast a shadow over Solana’s credibility as a better alternative to Ethereum – especially when it comes to security. It may even give Ethereum some additional boost from the narrative perspective as the safest and most reliable defi ecosystem,” Mørch added.
What do you think about the recent Solana exploit and how it affected close to 8,000 SOL-based wallets? Let us know what you think about this subject in the comments section below.
Image Credits: Shutterstock, Pixabay, Wiki Commons
Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.
Author: Jamie Redman