Hackers exploited a security vulnerability affecting the Solana network, causing a major incident. Users of the Phantom and Slope wallets all said that their funds had been transferred without explanation, and losses were initially estimated at about 8 million US dollars. According to the latest official statement from Solana Status, a vulnerability allows attackers to steal funds from multiple Solana wallets. As of 1 pm today (the 3rd), approximately 7,767 wallets had been affected.
According to reports, this wave of attacks mostly targets wallets that have not been used for more than half a year, and the stolen cryptocurrencies are mostly Solana's native token SOL and Solana SPL standard tokens. So far, the number of victims and the amount of losses have continued to rise.
“We are working closely with other teams to identify vulnerabilities in the Solana ecosystem, and at this time, the team does not believe that Phantom is the only one facing this situation,” Phantom tweeted.
The official Solana team stated that it has been monitoring developments, but so far there is no evidence that cold wallets have been compromised. The official announcement states:
Engineers from multiple ecosystems, with the help of several security companies, are investigating the theft of the Solana wallet. There is no evidence that cold wallets were compromised.
Solana auditor OtterSec tweeted this morning that the transactions were all signed by the wallet owner, suggesting a private key leak.
The information security team SlowMist said that the attack is still ongoing. Judging from the characteristics of the transactions, the attacker signed the transfers directly from the affected accounts without using an attack contract, and the preliminary assessment is that private keys were leaked. Many victims reported that they had used a variety of wallets, mainly mobile wallet apps. SlowMist therefore speculates that the problem may lie in the software supply chain.
While waiting for the results of the incident analysis, users are advised to deauthorize any suspicious applications from their wallets and transfer the assets in their wallets to cold wallets or large exchanges.