Ethereum Killer “Solana” Suffers an Ongoing Attack Over 8k+ Wallets Drained

Ethereum Killer “Solana” Suffers an Ongoing Attack Over 8k+ Wallets Drained

Ethereum Killer “Solana” Suffers an Ongoing Attack Over 8k+ Wallets Drained

Ethereum Killer “Solana” Suffers an Ongoing Attack Over 8k+ Wallets Drained

Ethereum Killer “Solana” Suffers an Ongoing Attack Over 8k+ Wallets Drained

Read Time: 4 minutes

The Solana Network, on the 3rd Aug, suffered an attack which drained more than 8,000 wallets. As an outcome of this hack, the SOL, the native token of the Solana network, fell by ~4%. 

Source: CoinMarketCap

According to several users, cash from well-known internet-connected “hot” wallets like Phantom, Slope, and TrustWallet have been syphoned off without their knowledge, making the Solana ecosystem the target of cryptocurrency’s most recent hack.

As we mentioned, the attack has only affected the ‘hot wallets’, and the targeted wallets were inactive for less than six months.

The wallets accumulated SOL, SPL, and other Solana-based tokens worth at least $5 million from unwary users.

The precise reason for Tuesday’s attack, which primarily affected mobile wallet users, remained unknown.

Wallets of the supposed attacker under Scanner

Address 1: Htp9MGP8Tig923ZFY7Qf2zzbMUmYneFRAhSp7vSg4wxV

Address 2: CEzN7mqP9xoxn2HdyW6fjEJ73t7qaX9Rp2zyS6hb3iEu

Address 3: 5WwBYgQG6BdErM2nNNyUmQXfcUnB68b6kesxBywh1J3n 

Address 4: GeEccGJ9BEzVbVor1njkBCCiqXJbXVeDHaXDCrBDbmuy

The severeness of the attack can be observed from the fact that the attack is still unfolding at the time of writing. And the wallet holders can barely do anything except see their wallets draining off. 

Initially, it resembled that the attack was limited to Phantom wallets and well-known Solana NFT marketplace Magic Eden. Magic Eden’s warned users on Twitter, saying- “There seems to be a widespread SOL exploit at play that’s draining wallets throughout the ecosystem.” It also asked users to abort permissions for suspicious links as a precautionary measure. 

Phantom also said– “We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem,” in a tweet. “At this time, the team does not believe this is a Phantom-specific issue. We will issue an update once we gather more information.”

But soon, it was clear that the exploit was not limited to SOL and Phantom wallets. Several users have reported their USDC holdings were drained off. Other reports revealed that wallets such as Slope, Solflare, and TrustWallet were also targeted. 

Theories Behind the Attack

Although the exact cause behind the attack is unclear, according to various users, the following are the probable causes behind the ongoing hack;

The most quoted one: “Supply-chain Attack”

A Supply chain attack is also known as a ‘value-chain or third-party attack.’ It occurs when someone tries to invade your system via an outside partner to access your system’s data. 

Several industry leaders, including Emin Gün Sirer, founder of Avalanche blockchain, said that the transactions were properly signed, pointing towards a ‘supply chain attack’ through which users’ private keys were compromised. 

On the one hand, where the recent Solana hack is believed to be a supply chain attack, on the other hand, some users think if it were so, the magnitude of the hack would have been more than just 8,000 wallets compromised. 

The Solana blockchain observed that hardware wallets were not affected. Based on the available information, Solana Labs communications lead Austin Federa said that “a potential supply chain attack” could be to blame.

Any Previous Supply Chain Attack in Crypto?

The MISO launchpad of Sushiswap had suffered a supply chain attack previously. The attacker changed a smart contract address to the one controlled by them, which resulted in their $3M worth of Ethereum being drained. 

The Shadows on Solana

The Solana attack occurred after a security exploits in the cross-chain messaging protocol Nomad that siphoned off ~$200M. 

In context to Solana, this isn’t the first time a Solana-related hack was discovered. But despite the multiple downturns, the network usage graph continues to trend up.

7,908 Views

Blockchain for dog nose wrinkles' Ponzi makes off ~$127M🐶

Project promised up to 150% returns on investment in 100 days, raising about 166.4 billion South Korean won — or about $127 million — from 22,000 people.

Latest blogs for this week

Understanding Fuzzing and Fuzz Testing: A Vital Tool in Web3 Security

Read Time: 5 minutes When it comes to smart contracts, ensuring the robustness and security of code is paramount. Many techniques are employed to safeguard these contracts against vulnerabilities
Read More

How EigenLayer’s Restaking Enhances Security and Rewards in DeFi

Read Time: 7 minutes Decentralized finance (DeFi) relies on Ethereum staking to secure the blockchain and maintain consensus. Restaking allows liquid staking tokens to be staked with validators in
Read More

ERC 404 Standard: Everything You Need to Know

Read Time: 7 minutes Introduction Ethereum has significantly shaped the crypto world with its introduction of smart contracts and decentralized applications (DApps). This has led to innovative developments in
Read More

DNS Attacks:  Cascading Effects and Mitigation Strategies

Read Time: 8 minutes Introduction DNS security is vital for a safe online space. DNS translates domain names to IP addresses, crucial for internet functionality. DNS ensures unique name-value
Read More

EIP-4844 Explained: The Key to Ethereum’s Scalability with Protodanksharding

Read Time: 7 minutes Introduction  Ethereum, the driving force behind dApps, has struggled with scalability. High fees and slow processing have limited its potential. They have kept it from
Read More

QuillAudits Powers Supermoon at ETH Denver!

Read Time: 4 minutes Calling all the brightest minds and leaders in the crypto world! Are you ready to build, connect, and innovate at the hottest event during ETH
Read More

Decoding the Role of Artificial Intelligence in Metaverse and Web3

Read Time: 7 minutes Introduction  Experts predict a transformative shift in global software, driven by AI and ML, marking the dawn of a new era. PwC predicts AI will
Read More

Transforming Assets: Unlocking Real-World Asset Tokenization

Read Time: 7 minutes In the blockchain, real-world assets (RWAs) are digital tokens that stand for tangible and conventional financial assets, including money, raw materials, stocks, and bonds. As
Read More
Scroll to Top

Become a Quiffiliate!
Join our mission to safeguard web3

Sounds Interesting, Right? All you have to do is:

1

Refer QuillAudits to Web3 projects for audits.

2

Earn rewards as we conclude the audits.

3

Thereby help us Secure web3 ecosystem.

Total Rewards Shared Out: $200K+