Solana wallets compromised leading to millions in users funds stolen

Users of Solana have been advised to transfer their money to cold storage and to be on the lookout for potential frauds following a significant wallet hack that resulted in the theft of more than $8 million.

A broad vulnerability that has been active since Wednesday and targets Solana wallets has shaken the cryptocurrency world. Two Solana-based wallet services, Phantom and Slope, first announced the attack on their social media channels. A large number of cryptocurrency influencers, blockchain analytic and security companies, as well as victims of the hack, did the same as the attack progressed.

Several commenters pointed out that because transactions were being signed on the chain legally, attackers had valid access to user private keys. Emin Gun Sirer, the CEO and creator of Ava Labs, stated that more than 7,000 wallets had been impacted; other people and businesses have also used this figure online. 

Since the exploit’s inception, Solana Status has been providing updates, and on Wednesday at 5:00 am UTC it reported that 7,767 wallets had been compromised. The affected wallets included both browser and mobile extensions. 

There’s no evidence hardware wallets have been impacted – and users are strongly encouraged to use hardware wallets.

Do not reuse your seed phrase on a hardware wallet – create a new seed phrase.

Wallets drained should be treated as compromised, and abandoned.

— Solana Status (@SolanaStatus) August 3, 2022

The owners of the 8,000 empty wallets were instructed to “treat these as compromised, and abandoned,” while Solana emphasized that users relocate cash to cold storage and establish new seed phrases.

Anatoly Yakovenko, a co-founder of Solana, shared the most recent information from the team on his Twitter account, underlining what other blockchain researchers had surmised to be a supply chain attack that allowed the hackers to acquire private keys. 

According to Yakovenko’s first findings, wallets that had only ever received Solana (SOL) and had no other contacts were harmed. Both iOS and Android devices were impacted by the attack, and all affected wallets had their private keys imported or produced on mobile. 

The general cryptocurrency ecosystem’s advice to SOL holders is to transfer their assets to cold storage or centralized exchanges and to revoke permissions from reputable apps in their wallet settings.