Another major cryptocurrency hack has taken place on the Solana blockchain on Wednesday, when the popular blockchain reported that over 8000 wallet addresses on the Solana Network have been accessed by an unknown attacker.
Despite the fact that the attack is still ongoing, more than 8,000 wallets have been compromised so far, according to blockchain auditors OtterSec. The Solana-based tokens that are associated with the attack have amassed at least $5 million worth of tokens, including SOL, SPL, OPL, and other tokens that are derived from the Solana platform.
As of now, the attack seems to be affecting only the so-called ‘hot’ wallets or wallets that are always connected to the internet, allowing people to easily store and send tokens, but it does not seem to be limited to Solana alone. According to Justin Barlow, an investor at Solana Ventures, he as well suffered the loss of $USDC from this incident.
There are also other wallets that have been compromised as a result of this attack, including Phantom, Slope, and TrustWallet. Solana has warned that users should treat drained wallets as compromised and abandoned, encouraging them to switch to a hardware wallet or a ‘cold wallet’ instead.
As an alternative to hot wallets, cold wallets or USB drives that must be connected to a computer in order to sign transactions are being hailed as a more secure, albeit less convenient solution.
We are evaluating the incident impacting Solana wallets and are working closely with other teams in the ecosystem to get to the bottom of this. We will issue an update once we gather more information, The team doesn’t believe this is a Phantom-specific issue at this time.
Phantom representative told CoinDesk in a statement
According to Emin Gün Sirer, the founder of one of the other most popular blockchains, Avalanche, there are still no clear clues as to the cause of the attack. However, industry leaders have pointed out that the transactions were properly signed, so it could be an attack on the supply chain that manages to steal users’ private keys. @0xfoobar explained that he believes something has caused widespread compromise of private key information, and warned that revoking the approval of wallets is unlikely to solve the problem.
Just hours before the Solana attack, malicious actors exploited a “chaotic” security flaw to steal almost $200 million worth of digital assets from the Nomad cross-chain messaging protocol, allowing them to make off with nearly $200 million in digital assets. As a result of a recent update to one of Nomad’s smart contracts, attackers were able to easily spoof transactions in order to leak money to dozens of addresses causing $150 million in losses, 80 percent of the money stolen through the “free-for-all” attack.