The Solana ecosystem fell victim to a massive hacking attack on Tuesday night, with users losing at least US$6 million when their crypto wallets were completely emptied, CoinDesk reports. So far, it is known that at least 8,000 online wallets have been hacked.
The target of the attack was the crypto wallets of Phantom, Slope and TrustWallet. The hackers were able to access and withdraw all tokens in the affected wallets in this “smash and grab” attack. At the moment, there is still speculation as to which security vulnerability could have led to this hack, but the exact reason remains unknown.
The crisis was sudden
A Solana network employee, SolportTom, was one of the first to sound the alarm. He puzzled over the cause on Twitter:
No minting took place at the time of the outflows. The transactions look like normal transfers, not part of smart contracts. People speculate that it has to do with a gambling service.
Allegations that the security gap lies with the phantom wallets quickly emerged. There have been problems with this provider’s wallets in the past. However, he rejected the blame:
We are working closely with other teams to get to the bottom of a reported security vulnerability in the Solana ecosystem. At this stage, the team does not believe that this is a Phantom-specific issue.
Some insiders linked the hack to widespread compromise of private keys. Initially, users linked the attack to transactions on Magic Eden’s NFT marketplace, which is based on Solana. Magic Eden tweeted instructions to users: one can avoid losses by revoking wallet permissions.
Users were also warned to send their cryptocurrencies to a hardware wallet. The attack seems to have mainly affected mobile hot wallets.
Hackers carried out transactions on behalf of users
The hacker or hackers were able to initiate and approve transactions. This suggests that there was a vulnerability at a third party that was used in an attack on the chain. The Ethereum blockchain could also be affected. At least one user reported losing ERC-20 tokens that can only work on Ethereum, including USDC coins.
Solana price fell by 4% after the news
The Solana blockchain is becoming increasingly popular thanks to fast transactions and low fees. The native token SOL lost 4% in the hours after the hack. It currently ranks 9th among cryptocurrencies by market capitalisation.
The hack is expected to reignite the debate about the security of hot wallets. They are always online to provide users with a convenient way to send and receive cryptocurrencies.