The open source blockchain network Solana has been treated as the golden child of the crypto scene thanks to claims of fast and cheap transactions. Now some of the same crypto fans who piled onto the DeFi darling are paying the price.
Initial reports from Solana put the number of impacted wallets at over 7,700; the latest figures from blockchain analysis firm Elliptic put it around 8,000, and the count keeps climbing. Total lost funds hover somewhere over $5.2 million, a number that will likely rise. The Solana team added that the flaw could have come from software outside the wallet infrastructure itself, and crypto security company CertiK said the drains were carried out from four separate attacker addresses.
Late Tuesday, Solana tweeted that it was "investigating" the hack with the help of security firms, adding that hardware wallets and wallets never connected online were not impacted (really, who woulda' thought: a hardware wallet signs on the device and never hands the private key to an app or a browser). The team further said that every wallet that was drained should be considered "compromised" and abandoned: move whatever is left to a wallet built from a brand-new seed phrase rather than reusing the old keys, and then set the old one adrift, burn it, or whatever other way users wish to say goodbye to their crypto.
Hackers were apparently able to drain the network's own token SOL as well as USD-pegged stablecoins from users' wallets.
Users were advised to move their assets to a "cold" hardware wallet rather than leaving them exposed to the crypto pirates still lurking offshore. White hat hackers were apparently DDoSing Solana's own servers to slow down the draining, according to Solana's Reddit page, though most of the public RPC servers appear to be back online. Solana also posted a survey for users who say their accounts were affected.
Solana co-founder Anatoly Yakovenko wrote that the attack could be connected to Android and iOS apps, with attackers exploiting some weakness in the software supply chain to get at users' keys. In his Twitter thread he points a trembling finger at the Apple and Google app ecosystems as the possible weak link, though Yakovenko admitted they had not yet narrowed it down to any particular app.
But blockchain audit firm OtterSec wrote that the draining transactions were being signed with the wallets' actual private keys, which points to a compromise of users' keys rather than a bug in an on-chain program: a validator accepts a transaction because the signature verifies under the owner's public key, so whoever built these transactions held the keys. According to BleepingComputer, that could mean a supply chain attack, but it could also be a zero-day flaw in browsers, or even a weakness in how the wallets generate users' keys or seed phrases.
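To make OtterSec's observation concrete, here is an added example (not code from Solana, Slope, OtterSec or the article) that models the forensic check behind it: a simplified Solana-style transaction whose fee payer is the victim, verified with Ed25519 the way a validator would. If the signature verifies under the victim's own public key, the attacker had the private key; if the attacker only had their own key, the signature fails and the network would never execute the drain. The keys, the message layout and the addresses are constructed for the example and are not wire-accurate or real.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
	"math/big"
)

// Minimal stand-in for a Solana legacy transaction: Signatures[i] covers Message
// and is checked against AccountKeys[i] for i < NumSigners. AccountKeys[0] is the
// fee payer, which a plain SOL transfer also debits. (Constructed layout, not the
// real wire format.)
type Transaction struct {
	Signatures  [][]byte
	NumSigners  int
	AccountKeys []ed25519.PublicKey
	Message     []byte
}

// transferMessage builds a constructed message: from, to, lamports.
func transferMessage(from, to ed25519.PublicKey, lamports uint64) []byte {
	var buf bytes.Buffer
	buf.Write(from)
	buf.Write(to)
	binary.Write(&buf, binary.LittleEndian, lamports)
	return buf.Bytes()
}

// VerifySigners reports, per required signer, whether its signature over the
// message verifies under the matching account key. This is the check every
// validator performs before executing a transaction.
func VerifySigners(tx Transaction) []bool {
	ok := make([]bool, tx.NumSigners)
	for i := 0; i < tx.NumSigners && i < len(tx.Signatures); i++ {
		ok[i] = ed25519.Verify(tx.AccountKeys[i], tx.Message, tx.Signatures[i])
	}
	return ok
}

// SignedByOwner answers the forensic question: was the drain authorised by a
// valid signature from the victim's own key? A true result means whoever built
// the transaction held the private key, which rules out an on-chain program bug
// as the sole explanation.
func SignedByOwner(tx Transaction, victim ed25519.PublicKey) bool {
	ok := VerifySigners(tx)
	for i, key := range tx.AccountKeys[:tx.NumSigners] {
		if bytes.Equal(key, victim) && i < len(ok) && ok[i] {
			return true
		}
	}
	return false
}

// base58 renders a key the way Solana explorers display addresses.
func base58(b []byte) string {
	const alphabet = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
	n := new(big.Int).SetBytes(b)
	mod := new(big.Int)
	var out []byte
	for n.Sign() > 0 {
		n.DivMod(n, big.NewInt(58), mod)
		out = append(out, alphabet[mod.Int64()])
	}
	for _, c := range b { // leading zero bytes become leading '1's
		if c != 0 {
			break
		}
		out = append(out, alphabet[0])
	}
	for i, j := 0, len(out)-1; i < j; i, j = i+1, j-1 {
		out[i], out[j] = out[j], out[i]
	}
	return string(out)
}

// demoKeys derives two keys from fixed, constructed seeds: the victim's wallet
// key (as if it had leaked) and the attacker's own key. Neither is a real address.
func demoKeys() (victim, attacker ed25519.PrivateKey) {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x11}, 32)),
		ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x22}, 32))
}

// Scenario returns (drain signed with the victim's leaked key verifies,
// forgery signed with the attacker's own key verifies).
func Scenario() (drainSignedByOwner, forgeryAccepted bool) {
	victim, attacker := demoKeys()
	victimPub := victim.Public().(ed25519.PublicKey)
	attackerPub := attacker.Public().(ed25519.PublicKey)
	msg := transferMessage(victimPub, attackerPub, 1_000_000_000) // 1 SOL in lamports

	// Case 1: the attacker holds the leaked private key and signs as the victim.
	drain := Transaction{
		Signatures:  [][]byte{ed25519.Sign(victim, msg)},
		NumSigners:  1,
		AccountKeys: []ed25519.PublicKey{victimPub, attackerPub},
		Message:     msg,
	}
	// Case 2: the attacker has only their own key; the signature does not verify
	// under the victim's account key, so the network would reject it.
	forgery := drain
	forgery.Signatures = [][]byte{ed25519.Sign(attacker, msg)}

	return SignedByOwner(drain, victimPub), SignedByOwner(forgery, victimPub)
}

func main() {
	victim, _ := demoKeys()
	fmt.Println("victim address:", base58(victim.Public().(ed25519.PublicKey)))
	drain, forgery := Scenario()
	fmt.Println("drain signed by owner key:", drain)
	fmt.Println("forgery accepted:", forgery)
}
```

The point of the two cases is the asymmetry: nothing the attacker can do with their own key produces a transaction the chain will execute against the victim's account, so drains that did execute are evidence the keys left the wallet, whichever path (app supply chain, browser, or key generation) they leaked through.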
Late on Wednesday, Solana tweeted that the exploit was isolated to one wallet on Solana, but “it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications.”
Slope, which operates cross-platform wallets on Solana, wrote in a statement that "a cohort" of its wallets had been compromised in the breach, but that it was still investigating the actual cause.
Even with so much still unknown about the breach, other teams working on Solana are ready to jump down Slope's throat. In a statement sent to Gizmodo, Phantom Wallet said it has "reason to believe that the reported exploits are due to complications related to importing accounts to and from Slope Finance. We are still actively working to identify whether there may have been other vulnerabilities that contributed to this incident."
Of course, we won't know for sure until the hack has run its course and the Solana devs are left standing on their field of broken glass.
Update 08/04/2022 at 11:30 a.m. ET: This post has been updated to include additional comments from Solana, as well as the Slope and Phantom Wallet teams.