Over 8,000 Solana Native Wallets Drained of $5M+ in Ongoing Attack

  • An ongoing theft has led to the loss of $5.7M from more than 8,000 wallets on the Solana blockchain.

Solana has experienced yet another attack on its network, this time involving users’ wallets. As of this writing, the attackers had drained over $5.7 million from various Solana-based wallets, including Phantom and Slope.

The perpetrator(s) is yet to be identified, but on-chain data shows that other wallets continue to be impacted on top of the 8,000+ that have already fallen victim.

According to Twitter user and crypto player @foobar, the attack has compromised the private keys to these wallets. The theft involves Solana’s native token, SOL, and other Solana-based tokens, or what is known as SPL (Solana Program Library). The latter is analogous to ERC-20 or BEP-20 tokens for Ethereum and Binance Chain, respectively.

Solana Wallets Siphoned of Over $5M

Solana is yet to disclose details of the attack, but @foobar suspects “an upstream dependency supply chain attack.” Such an attack is also known as a dependency confusion attack, or supply chain substitution, a name that alludes to code replacement.

To carry out such an attack, the attacker typically develops a malicious file with a similar name to an authentic internal file. A package installer tends to choose the file with the higher version number (likely the malicious one). In the case of Solana wallets, hackers managed to install malicious code, or browser extensions, thereby exposing users’ private keys.
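The version preference described above can be audited defensively. The following is an added example, not code from the article or from any Solana wallet, and not a reconstruction of this incident: it simulates a "highest version wins" resolver over constructed registry data, flags internal package names that a public registry would shadow, and shows the effect of pinning those names to the internal source. All package names, versions and function names are hypothetical.

```javascript
// Constructed sample data: package names and versions are hypothetical.
const registries = {
  internal: { "acme-wallet-crypto": ["1.2.0", "1.3.1"], "acme-ui-kit": ["2.0.0"] },
  public: { "acme-wallet-crypto": ["99.0.0"], "some-public-lib": ["1.10.0", "1.9.0"] },
};

// Parse a strict MAJOR.MINOR.PATCH string into numbers (no pre-release tags).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version string: ${v}`);
  return m.slice(1).map(Number);
}

// Numeric comparison, so 1.10.0 ranks above 1.9.0 (string comparison would not).
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Only own properties count as packages, so a name like "constructor" is safe.
const versionsOf = (packages, name) =>
  Object.prototype.hasOwnProperty.call(packages, name) ? packages[name] : [];

// Naive resolver: pool every registry and let the highest version win.
// On a tie the registry listed first is kept. Returns null if nothing matches.
function resolveNaive(name, regs) {
  let best = null;
  for (const [source, packages] of Object.entries(regs)) {
    for (const version of versionsOf(packages, name)) {
      if (!best || compareVersions(version, best.version) > 0) best = { source, version };
    }
  }
  return best;
}

// Mitigation: names owned internally are resolved from the internal registry only.
function resolvePinned(name, regs) {
  const owned = versionsOf(regs.internal, name).length > 0;
  return resolveNaive(name, owned ? { internal: regs.internal } : regs);
}

// Audit: list internal names that the naive resolver would fetch from elsewhere.
function auditShadowing(regs) {
  return Object.keys(regs.internal)
    .map((name) => ({ name, naive: resolveNaive(name, regs), pinned: resolvePinned(name, regs) }))
    .filter((r) => r.naive && r.naive.source !== "internal");
}

console.log(JSON.stringify(auditShadowing(registries), null, 2));
```

A non-empty audit result means an internal name is resolvable from a source the team does not control, which is the condition to alert on in a build pipeline.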

Even though the attack involves private key compromise, the DeFi founder says that revoking approvals is an unlikely solution. 

“Why doesn’t revoking approvals help? Because these SOL and SPL transfers are signed by the users themselves, not transferred away by a third party using approvals.”

In lieu of revoking, he suggests transferring assets to a hardware wallet or keeping hot wallets offline. The latter can be done by closing one’s browser, shutting down the device used to access a hot wallet, or applying airplane mode. Other users say transferring one’s assets to a credible centralized exchange (CEX) might help.

Per his analysis, the attack has affected wallets that have been inactive for over six months. However, several users have reported losing assets even on recently active wallets.

Developers, SOL and Community Reaction

Solana is yet to make any official statement on the ongoing exploit. Nonetheless, several nodes have gone offline to slow down the theft.

Despite the magnitude of the loss, SOL has reacted mildly, only down 2.1% in the past 24h to trade at $39.23.

Just recently, the same network received a blow after a $3.5 million flash loan attack on Nirvana Finance. Solana has also suffered several network outages in the past year, related to an overwhelming number of transactions. In mid-May, Solana rolled out a scalability upgrade hoping to cut down the shutdowns, but this was not the case. A sixth blackout occurred on June 1, lasting 4 hours and 10 minutes.

More backlash from the community came after the network launched a native phone, Saga, in June. Some praised it as the “Apple of Web3”. Others, however, were disappointed that Solana would rather develop other gadgets than focus on its outage issues.

Rebecca Davidson

Rebecca is a Senior Staff Writer at BitcoinWisdom, working hard to bring you the latest breaking news in the cryptocurrency market.