Users Of Solana-Based Phantom And Slope Wallets Reportedly Losing Millions To An Exploit
KEY POINTS
- Slope and Phantom wallet users have been drained of SOL and USDC
- More than 7,000 wallets have been targeted
- Over $6 million has been lost in the exploit
Solana-based Phantom Wallet and Slope Wallet users saw their funds being withdrawn at a rapid pace Tuesday even as Twitter crypto analysts struggled to figure out the origin of the exploit.
According to a Twitter thread from @officer_cia, a self-proclaimed blockchain detective, the amount stolen from the wallets exceeds $5 million. The thread recommends unlinking "wallets from all sites" as a possible way to prevent further drain.
Big news - @Solana hack!
In an unknown way scammers are withdrawing $SOL from the wallets of ordinary users right now!
The amount of stolen funds currently exceeds $5 million. I recommend unlinking your wallet from all sites so they don't have access to your assets! pic.twitter.com/NVI5ULeCdB
— CIA Officer (@officer_cia) August 2, 2022
A Solana-based decentralized exchange (DEX), Solar DEX, pointed out that multiple users received notifications that their crypto was being sent to some unknown address. According to Solar DEX, the attacker or attackers moved 0.1 SOL to four different wallets and "started the attack on all of Solana."
The price of SOL dropped 4% in the last 24 hours and it is priced at $38.70 as of 12:26 a.m. ET Wednesday.
Magic Eden, a Solana-based NFT marketplace, was one of the first Twitter accounts to reveal the exploit.
🚨🚨🚨There seems to be a widespread SOL exploit at play that's draining wallets throughout the ecosystem
Here's what you can do right now to best protect yourself
1. Go to >Settings on your @phantom wallet
2. >Trusted Apps
3. >Revoke Permissions for any suspicious links
💜
— Magic Ethen 🪄 (@MagicEden) August 3, 2022
Solar DEX also listed some things common with all the affected people, including the fact they had not connected their wallets anywhere else.
3. Not connecting to any sites / not doing anything
4. Thinking is there is an exploit on @phantom or somewhere on the @solana chain
5. This pertains to ALL Solana tokens
All of them - recommend staking or moving coins to a ledger
— Solar Dex (@solar_dex) August 2, 2022
Phantom tweeted that they are "working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem. At this time, the team does not believe this is a Phantom-specific issue."
Some of the developers believe the attack could be initiated using the new version of the Luca Stealer that came out last week. Luca Stealer is Rust-based malware that extracts information from a device after an unsuspecting user downloads it.
😆 wonder if this is related to that new version of the Luca stealer that came out last week https://t.co/xm2wcsy0l7
— frankwhite (@frankwhite9988) August 2, 2022
The Solana blockchain also suffered a minor service outage, as per SolStatus. The official Twitter handle of Solana Status revealed that "engineers from multiple ecosystems, with the help of several security firms, are investigating drained wallets on Solana. There is no evidence hardware wallets are impacted."
Adam Cochran, a partner at Cinneamhain Ventures, said Ethereum users are likely safe unless they have used their seed phrase across chains (Solana and Ethereum) on a wallet like Trust Wallet or Slope.
Emin Gün Sirer, the founder and CEO of Ava Labs – the firm behind the development of Avalanche (AVAX) – revealed that the reason for the SOL wallets being drained could be a "supply chain attack" where a "JS [JavaScript] library is hacked, and it exfiltrates (steals) users' private keys. Affected wallets seem to have been created in the last ~9 months, but there are reports of freshly created wallets also being affected."
Sirer pointed out that IOTA, another blockchain network, was earlier compromised by such an attack and "never quite recovered."
IOTA was compromised by such an attack and never quite recovered. If the same key is in two different hands, it's very difficult to figure out who the legitimate owner is. Stopping the chain wouldn't help, the attack would resume when the chain resumes.
— Emin Gün Sirer🔺 (@el33th4xor) August 3, 2022
Binance CEO Changpeng Zhao confirmed that more than 7,000 Solana-associated wallets have been hacked and drained of SOL and USDC, a stablecoin.
There is an active security incident on Solana. Many (7000+ and counting) wallets are drained of SOL & USDC. Don't know root cause yet. Maybe permissions granted to apps. For remediation, send the funds to a cold wallet or CEX like @Binance. https://t.co/nQrBXAgCbf
— CZ 🔶 Binance (@cz_binance) August 3, 2022
"Don't know root cause yet," Zhao said in a Twitter post Tuesday. "Maybe permissions granted to apps. For remediation, send the funds to a cold wallet or CEX like Binance."
