On Tuesday, an unknown hacker reportedly drained millions from online Solana cryptocurrency wallets after owners reported their funds had been mysteriously withdrawn.
On Wednesday, following an investigation, the "Solana Status" Twitter account posted that the incident was linked to Slope wallets, a cryptocurrency wallet platform built for Solana.
While the hack and the extent of the damage are still under investigation, it appears that private key (or password) information for the impacted "hot" wallets had been "inadvertently transmitted to an application monitoring service", rather than the Solana blockchain itself having been compromised.
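As an added illustration of the failure mode just described (this is not code from the page, from Slope, or from any other wallet named here), a telemetry scrubber that redacts wallet key material from an error report before a monitoring SDK sends it; the event shape, field names and the beforeSend hook are assumptions:

```javascript
// Added example (not code from the page or from any wallet named in it):
// redact wallet key material from a crash/telemetry event before it is
// handed off to a monitoring SDK. The event shape, field names and the
// beforeSend hook name are assumptions, not any vendor's API.
const SENSITIVE_KEYS = /^(mnemonic|seed|seed_?phrase|private_?key|secret_?key|keypair)$/i;
// A base58-encoded 64-byte Solana secret key is 87-88 characters; allow slack.
const BASE58_SECRET = /^[1-9A-HJ-NP-Za-km-z]{80,90}$/;
// 12- to 24-word run of 3-8 letter lowercase words (BIP39 shape), anywhere in a string.
// It may over-match long plain sentences; for telemetry, over-redacting is the safer failure.
const WORD_PHRASE = /\b(?:[a-z]{3,8}\s+){11,23}[a-z]{3,8}\b/g;

// Solana keypairs are commonly serialised as an array of 64 byte values.
function isByteKeyArray(arr) {
  return arr.length === 64 && arr.every((n) => Number.isInteger(n) && n >= 0 && n <= 255);
}

function redactString(s) {
  if (BASE58_SECRET.test(s.trim())) return '[REDACTED]';
  return s.replace(WORD_PHRASE, '[REDACTED]');
}

// Walk the event, returning a new object; the input is never mutated.
function scrubEvent(node) {
  if (Array.isArray(node)) {
    return isByteKeyArray(node) ? '[REDACTED]' : node.map(scrubEvent);
  }
  if (node && typeof node === 'object') {
    const out = {};
    for (const [key, val] of Object.entries(node)) {
      out[key] = SENSITIVE_KEYS.test(key) ? '[REDACTED]' : scrubEvent(val);
    }
    return out;
  }
  return typeof node === 'string' ? redactString(node) : node;
}

// Pre-send hook in the shape most monitoring SDKs expose (assumed); returns the scrubbed event.
function beforeSend(event) {
  return scrubEvent(event);
}

// Constructed sample: an import-flow error report that carries key material.
const PHRASE = 'abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about';
const SAMPLE_EVENT = {
  message: `import failed: ${PHRASE}`,
  extra: { walletLabel: 'main', mnemonic: PHRASE, secretKey: Array.from({ length: 64 }, (_, i) => i) },
  breadcrumbs: [{ data: { kp: Array.from({ length: 64 }, (_, i) => 255 - i) } }],
};
```

Registering such a hook is a guard, not a substitute for keeping key material out of logged state in the first place.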
Speaking with Fortune, Austin Federa, head of communications at the Solana Foundation, explained that the "root cause" of the hack is still being determined.
"Engineers … continue to investigate the root cause of an incident that resulted in approximately 8,000 wallets being drained.
"This does not appear to be a bug with Solana core code, but in software used by several wallets popular among users of the network," Federa said.
With over 8,000 wallets targeted in the attack, internet-connected Solana hot wallets, notably Phantom, Slope, and Trust Wallet, were the most affected.
According to security firms, the unidentified hacker could have stolen at least $5.2 million worth of assets, including Solana's native cryptocurrency SOL, a small number of non-fungible tokens (NFTs), and over 300 Solana-based tokens.
As of now, there are over 8,000 victims and counting https://t.co/I5CGGzczYu pic.twitter.com/ztdsZoBlaC
— OtterSec (@osec_io) August 3, 2022
As Federa mentioned, how the hack happened is still a mystery, but it appears the hacker was able to approve transactions on behalf of victims, transferring funds without the owners' consent.
According to Anatoly Yakovenko, co-founder of Solana, the incident is the result of a "supply chain attack", a type of cyber attack where an attacker can access a victim's account by targeting a third-party vendor.
Android seems to be affected as well. All the confirmed stories so far have had the key imported or generated on mobile. Most of the reports are Slope, but a few Phantom users as well.
— SMS aey.sol (@aeyakovenko) August 3, 2022
Weighing in on the Solana hack, security firm Elliptic suspects the cause is a software error, publishing the commentary on their blog.
"The root cause is still not clear, but it appears to be due to a flaw in certain wallet software – rather than in the Solana blockchain itself," Elliptic stated.
Phantom shared their thoughts on Twitter stating that the company believes the incident is due to "complications related to importing accounts to and from Slope".
"We are still actively working to identify whether there may have been other vulnerabilities that contributed to this incident," Phantom posted.
In a statement, Slope explained that "a cohort of Slope wallets were compromised in the breach".
"We have some hypotheses as to the nature of the breach, but nothing is yet firm..."
"We are actively conducting internal investigations and audits, working with top external security and audit groups," Slope said.
For now, it appears the hack has only affected users of Solana products, but a user of Trust Wallet and Slope has claimed to have lost USDC on Ethereum as well as Solana, indicating that the true impact is yet to be confirmed.
As Elliptic continues to investigate, developments can be found on its blog, the company stated.
The Solana Status Twitter account will be posting updates as they become available.
Engineers from across several ecosystems, in conjunction with audit and security firms, continue to investigate the root cause of an incident that resulted in approximately 8,000 wallets being drained. 1/2
— Solana Status (@SolanaStatus) August 3, 2022
According to Fortune, experts advise that funds in a hot wallet should be moved to a hardware wallet as soon as possible.
Hot wallets, which appear to have been targeted by the hacker in this incident, are more susceptible to attack because they are constantly connected to the internet rather than stored physically offline.
In comparison, "cold" wallets, or hardware wallets, are considered the safer option for cryptocurrency investors because keys are stored offline; though risks remain, they can better protect cryptocurrency funds.
The Solana Status Twitter account posted that "there's no evidence (cold) hardware wallets have been impacted", and it has now strongly advised users to use hardware wallets.
"Do not reuse your seed phrase on a hardware wallet – create a new seed phrase.
"Wallets drained should be treated as compromised, and abandoned," the Solana Status Twitter account urged.