Millions Lost: Next Crypto Hack: Thousands of Solana Wallets Affected | news

Another blow to Solana
Thousands of Solana wallets emptied
Research into the cause is still ongoing

For months, Solana (SOL), one of the top 10 cryptocurrencies, has not stayed out of negative headlines: on the one hand, there were several system crashes, for which critics blame a design error, on the other hand, imputed securities. The company behind the blockchain was shut down due to the illegal sale of . Now a large scale hacker attack has also started.

Loss of millions due to hackers

The hacker’s attack began on August 2 and caused millions in losses: anonymous attackers were apparently able to transact with tokens as if they were owners through an unknown vulnerability. This suggests compromise of the private key.

In this connection, thousands of hot wallets were emptied and coins worth lakhs were stolen. The stolen cryptocurrencies are said to include both Solana’s SOL token and compatible currencies such as USD Coin (USDC). Wallet apps Phantom and Slope are said to be particularly affected, but users of SoulFlare and Trust Wallet are also. It is not yet clear whether compensation will be given to the victims.

An exploit allowed a malicious actor to withdraw funds from multiple wallets on Solana. As of 5 am UTC around 7,767 wallets have been affected.

The exploit has affected many wallets, including the Slope and the Phantom. It seems that both mobile and extension have been affected by this.

— Solana Status (@SolanaStatus) 3 August 2022

background still unclear

The nature of the hack is still being speculated. According to Solana, however, it does not consider it a bug in the Solana network itself – neither the Solana protocol nor its cryptography has been compromised. Rather, only popular wallet software is affected. Victims should consider tampering with their wallet and stop using it.

This does not appear to be a bug with the Solana core code, but in the software used by several software wallets popular among users of the network.

update will be posted https://t.co/ivyoIbdCDP as they become available. 2/2

— Solana Status (@SolanaStatus) 3 August 2022

Solana is still working on a clarification, but Solana’s CEO Anatoly Yakovenko has already tweeted that he believes a “supply chain attack” (supply chain) attack is possible, which is the case with Apple and Android phones. but affects the virtual wallet. In this type of attack, a hacker injects malicious software into an operating system, gaining access to information such as the private key for a virtual wallet.

Android also seems to be affected. The keys for all confirmed stories so far have been imported or generated on mobile. Most reports are sloppy, but there are some phantom users.

— SMS aey.sol, (@aeyakovenko) 3 August 2022

In another tweet, the Solana project explained that the wallet software Slope may have compromised the private key and was therefore responsible for the theft. A preliminary analysis revealed that all affected addresses were either created using Slope’s mobile wallet application, imported or temporarily managed within this app.

After investigation by developers, ecosystem teams and security auditors, it appears that the affected addresses were at one point created, imported or used in the Slope mobile wallet application. 1/2

— Solana Status (@SolanaStatus) 3 August 2022

What can Solana owners do?

One way to protect against this attack could be to transfer funds to a hardware wallet that is not connected to the Internet, as these have not been affected by the exploit so far. Crypto exchanges were probably also unaffected. Hence, Solana advises its users to quickly switch to either of these two options.

editorial office finanzen.net

Image source: Skorzewiak/Shutterstock.com, Alexandra Sova/Shutterstock.com