- More than 8,000 web-linked wallets have been hacked
- Phantom denied the claims that their wallet caused the hack
The Solana ecosystem suffered a massive attack on Tuesday evening, August 2. Users lost $6 million collectively, their wallets being drained of all their funds, CoinDesk reported. So far, more than 8,000 web-linked (hot) wallets have been hacked.
Among the user wallets drained are Phantom, Slope and TrustWallet. The hacker took everything in this “smash and grab” wallet raid. While speculation about the cause of the attack is mounting, the exact reason remains unknown.
A sudden crisis
A contributor to the Solana network, SolportTom, was one of the first to ring the alarm. He tweeted:
There wasn’t any mint that happened at the time of the drain. The transactions look like normal transfers, not transfers from a contract. This is eco-system wide, people speculating that it has to do with a gambling service.
Phantom denied the claims that their wallet caused the hack despite prior evidence of vulnerabilities. They commented:
We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem. At this time, the team does not believe this is a Phantom-specific issue.
Some insiders connected the hack to a widespread private key compromise. Initially, users linked the attack to transactions on Magic Eden’s NFT marketplace, which is based on Solana. Magic Eden tweeted instructions to users to avoid losses by revoking permissions from its wallet.
Users should send funds offline
Users have been warned to send all of their cryptocurrency to a hardware wallet. The attack seems to have impacted mostly mobile wallets.
Hacker signed off transactions on users’ behalf
The hacker was somehow able to initiate and approve transactions, which indicates a trusted third party had a vulnerability used in a supply chain attack. The Ethereum Mainnet could also be affected as one user reported having lost USDC on it and Solana.
Solana lost 4% after the attack
Solana grew in popularity thanks to fast transactions and low fees. Its native token,SOL, lost 4% in the hours after the hack. Its currently down to 9th position by market cap.
The long-running debate reignited
The hack is expected to spark the debate surrounding the security of hot wallets. They are always online in order to provide a convenient way for users to store, send, and receive crypto.