In yet another attack on the Solana blockchain network – over 8000 hot wallets connected to the network were compromised and drained of their funds which totalled to around $5 million so far in SOL and USDC tokens. The hot wallet service providers include Phantom, Slope and TrustWallet.
Hot wallets are basically the category of crypto wallets where you can store your crypto assets, and be connected to the internet. These are typically connected through the browser and hence something that always is at risk of being compromised by attackers. This is where cold wallets come in, which are essentially hardware crypto wallets, completely disconnected from the internet until you as the owner decide to connect it to the internet to perform any transaction.
An exploit allowed a malicious actor to drain funds from a number of wallets on Solana. As of 5am UTC approximately 7,767 wallets have been affected.
The exploit has affected several wallets, including Slope and Phantom. This appears to have affected both mobile and extension.
— Solana Status (@SolanaStatus) August 3, 2022
According to Solana, engineers from multiple ecosystems along with the help from several security firms are investing the drained Solana wallets on the blockchain. So far, there have been no impact on hardware wallets.
The hack, which was still ongoing as on around 8 am, IST on 3 August, 2022 – seemed to have originated on the Solana browser wallet Phantom. It is believed to have been compromised via user keys – possibly involving seedphrases that were re-used among these Solana wallets on different chains.
Because the transactions are signed properly, it's likely that the attacker has acquired access to private keys. But how?
— Emin Gün Sirer🔺 (@el33th4xor) August 3, 2022
Even Phantom – where the largest number of wallets were compromised in this recent attack – are actively working with different teams to quickly get to the bottom of the reported vulnerability in the Solana ecosystem.
We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem. At this time, the team does not believe this is a Phantom-specific issue.
As soon as we gather more information, we will issue an update.
— Phantom (@phantom) August 3, 2022
Even if you have lost funds in this recent compromise, Solana is working hard towards making those funds available to their respective owners again. They are even taking a survey from those affected by the hack in order to find the root of the problem and resolve it as soon as possible.
If your wallet was one of the 7,767 impacted please complete this survey – engineers are investigating the root cause https://t.co/XvvipCMtGY
— Solana Status (@SolanaStatus) August 3, 2022
Times like these can push many investors into panic about the safety of their funds but you will need to remain calm and collected. If you have a wallet today with Phantom and hold assets there which haven’t been drained yet – there are a few things you need to do immediately.
As an added layer of physical security, you can also consider shifting all your assets to a hardware or a cold wallet – which isn’t connected to the internet, and hence completely untouchable by hackers. And for users without a hardware wallet, shifting all of your funds to a centralised custodial exchange is also acceptable temporary workaround.
Ever since the Solana wallet hack news broke, Solana’s native token SOL’s prices have taken a dive, and has lost over 7.5% at its lows and is currently around $39. That is a significant drop, amid adverse news and many investors who were riding the rally were impacted. However, from a technical perspective, things don’t seem too bad either for the token.
Solana prices have managed to sustain above crucial levels on the daily chart, barely holding its own above the 50-day moving average. So the short term trend is still there and unless news of more funds being drained come out, things can be expected to stabilise going forward.
Prices as of 3rd August, 2022
Additional Read: Importance of Crypto Portfolio Diversification
Disclaimer: The above views, information represent the independent views of Primestack Pte. Ltd, Neblio Technologies Pvt. Ltd, and/or their affiliate entities and are for informational/ educational purposes only. The content, information or data provided above is not an offer, or solicitation of an offer, to invest in, or to buy or sell any interest or shares, digital assets/ cryptocurrencies or securities, or to participate in any investment or trading strategy. Any statement or communication made above shall not be treated as legal, financial, investment or tax advice by the reader. The calculations, data, risk-return formulations, performance or market capitalization indicators captured above are based on the independent data sourcing including collation of public information and/or analysis performed by analysts, advisors or employees of Primestack Pte. Ltd/ Neblio Technologies Pvt. Ltd and/or their affiliate companies and/or any third party. Past performance is not indicative of any future results. The reader(s) are hereby advised to consult their financial/ legal/ tax advisor(s) before making any investment.