Solana’s ecosystem is currently under attack, with 7,767 wallets, mostly private keys, compromised. The Solana team has gathered engineers from different ecosystems to find the root cause of the attack as the Solana community mourns its hard-earned SOL and USDC losses.
Just when the Web3 market was showing good signs for August, the month began with two heists within 3 days. First, Nomad’s cross-chain bridge got hacked, causing a $190M loss to users. The protocol is still investigating the case with law enforcement agencies to crack down on the hackers and trace the stolen funds.
Today, the Solana community was hit with a big attack on its ecosystem. The hackers managed to find a loophole and are currently draining thousands of dollars from private key wallets in the span of minutes.
Hackers steal private keys to drain out SOL & USDC
According to Emin Gün Sirer, co-founder of Ava Labs, the hackers seem to have targeted private key wallets that have been inactive for less than 6 months, as well as freshly made crypto wallets.
The attackers are continuously draining Solana tokens (SOL) and SPL tokens (USDC). As of now, $5,000,000 worth of digital assets has been stolen in the Solana ecosystem hack.
Sirer explained that the hackers seem to be using the same pattern as the one with IOTA, which the team never managed to recover. This could be a bad sign for the Solana community as well.
Sirer said the hackers might have gotten access to private keys: “One possible route is a ‘supply chain attack’ where a JS library is hacked, and it exfiltrates (steals) users’ private keys. Affected wallets seem to have been created in the last ~9 months, but there are reports of freshly created wallets also being affected.”
User @0xfoobar says both Phantom and Slope wallets are reportedly being drained completely of SOL and USDC. The user believes it’s an upstream dependency supply chain attack.
Prior to the report, the Phantom team updated its community about the attack.
As of now, the Solana team is still trying to stop the attackers from draining wallets. Many people believe the chain should be paused, but that wouldn’t make any difference: once the chain resumes, the hackers will continue with their heist.
Sirer believes that a potential nonce reuse bug might be the loophole that gave hackers access to the private keys. A nonce is a value that is meant to be used only once when a private key generates a signature; if the same nonce is reused across signatures, an attacker who sees those signatures can work out the private key and access the wallet. However, @SolanaStatus shared that engineers are still looking for the root cause of the attack.
Unlike users of private key wallets, users who hold Solana assets in hardware wallets and CEXes seem to be safe from this attack.
How can private key wallet users save themselves?
Since private key wallets don’t have any third-party involvement for approvals, all the transfers made from these wallets are signed by users. So, no one can really save the wallets from being drained except the owner.
@0xfoobar suggests that the best way for private key wallet users to save themselves is to transfer their funds to another wallet that has never exposed its private key on a browser extension, i.e., a hardware wallet.
Solana Status told its users that currently no hardware wallets have been drained, although there is no evidence of this claim, and advised, “Do not reuse your seed phrase on a hardware wallet – create a new seed phrase.”
The Solana team has released a survey for affected wallet owners, which might help engineers figure out the cause of the hack.
Solana (SOL) prices plummet
As soon as the news broke on the internet and people started reporting their stolen assets, Solana’s native token SOL dropped drastically due to a huge sell-off and panic in the market.
Solana is trading at $38.49 at the time of writing and is expected to drop as time passes.