Hackers attack Solana cryptocurrency, stealing millions

Solana cryptocurrency platform logo.

Jakub Pozhitsky | NurPhoto via | Getty Images

Nearly 8,000 digital wallets were emptied of just over $5.2 million in digital coins, including solanasol token and USDCoin (USDC), according to analytics company Elliptic. The Solana Status Twitter account confirmed the attack, noting that as of Wednesday morning, the exploit had affected approximately 7,767 wallets. Elliptic’s estimate is slightly higher at 7,936 wallets.

SolanaThe sol token, one of the largest cryptocurrencies after bitcoin and ether, fell by about 8% in the first two hours after the hack was initially discovered, according to CoinMarketCap. It is currently down about 1% while trading volume is up about 105% in the last 24 hours.

Beginning Tuesday evening, several users began reporting that assets held in “hot” wallets, i.e. addresses connected to the Internet, including Phantom, Slope and Trust Wallet, were being depleted.

Phantom said on Twitter said it was investigating a “claimed vulnerability in the solana ecosystem” and did not believe the problem was related to Phantom. Blockchain audit firm OtterSec tweeted that The hack affected several wallets “on a variety of platforms.”

Elliptic Chief Scientist Tom Robinson told CNBC that the root cause of the hack is still unclear, but “it appears to be due to a flaw in certain wallet software, not the solana blockchain itself.” OtterSec added that the transactions were signed by the actual owners, which “suggests that the private key has been compromised.” A private key is a secure code that grants the owner access to their cryptoholdings.

The identity of the attacker is still unknown, as is the root cause of the exploit. The violation continues.

“Engineers from several ecosystems, with the help of several security firms, are investigating empty wallets on Solana,” according to the Status of SolanaTwitter account that shares updates to the entire Solana network.

The solana network strongly encourages users to use hardware wallets as there is no evidence that they have been affected.

“Don’t reuse your seed in a hardware wallet – create a new seed. Empty wallets should be considered compromised and abandoned.” reads one tweet. Seed phrases are a set of random words generated by a crypto wallet when it is first set up, and it provides access to the wallet.

The private key is unique and links the user to their address on the blockchain. The seed phrase is a fingerprint of all the assets of the user’s blockchain, which is used as a backup in case the crypto wallet is lost.

The incident happened one day after $200 million Nomad blockchain bridge hack. This is the latest crisis that has gripped the cryptocurrency market in recent weeks.

“Four addresses are currently associated with the hacker, which is a far cry from yesterday’s “decentralized looting” that involved more than 120 individual users,” Deutscher said. “This means that the SOL exploit was carried out by a single party, although the specific details remain ambiguous.”

The Solana network was considered one of the most promising newcomers to the crypto market, with proponents such as Chamath Palihapitiya and Andreessen Horowitz touting it as a contender for Ethereum with faster transaction processing times and improved security. But lately it has run into a number of issues, including downtime during periods of activity and the perception of being more centralized than Ethereum. Due to a major outage in June, the Solana platform went down for several hours.

Etherthe native token of the Ethereum blockchain, rose by 6% in 24 hours.