News

Solana Cyberattack: Hackers May Have Taken $8 Million From Users’ Hot Wallets

Hackers stole $8 million from the hot wallets of scores of Solana users in a recent cyberattack.

Solana Cyberattack: Hackers May Have Taken $8 Million From Users’ Hot Wallets
info_icon

Hackers broke into scores of Solana hot wallets and stole $8 million in one of the latest cyberattacks, renewing concerns of the safety of online transaction in the crypto space.

The brazen Solana cyberattack underscores the need for a better digital security. Experts now advise using a hardware wallet or a centralised crypto exchange wallet to minimize online threats.

Solana (SOL) claims itself as an eco-friendly blockchain, which consumes less energy per transaction, bettering Google’s power consumption for two searches. 

SOL uses a proof of stake consensus mechanism for validating transactions in its blockchain. Like Solana, the Ethereum blockchain is also expected to move to a proof of stake protocol from the present proof of work mechanism next month. Although the exact time of the Solana attack was not immediately known, it is believed to have happened late last night (IST). 

Wade Green, a Solana community member, said in an interview to Indian Express that everything was ordinary till yesterday. He even used his ‘Phantom’ Solana-based crypto wallet to make transactions last night. But he found out later that his funds were wiped clean and hackers got away with about $10,000 in SOL. 

How Much Money Did The Hackers Manage To Steal?

According to data from PeckShield, a blockchain security researcher, the hackers have managed to steal about $8 million worth of Solana tokens.

Meanwhile, researchers at OtterSec, a blockchain security firm, are advising users to move their assets to a hardware ledger or a centralised exchange.

“An exploit allowed a malicious actor to drain funds from a number of wallets on Solana. As of 5am UTC approximately 7,767 wallets have been affected. The exploit has affected several wallets, including Slope and Phantom. This appears to have affected both mobile and extension,” Tweeted Solana. 

The wallets that hackers breached were hot wallets, meaning they were connected to the public internet and were accessible from mobile phones, laptops, desktops, etc. 

What Action Did Slope Wallet Take About This?

Acknowledging the community’s anguish over the hacking, Slope, a crypto wallet for Solana users, said that the hackers did not even spare the wallets of its “staff and founders”. Slope said they are conducting internal investigations and audits and working with top external security and audit groups, developers, and security experts to rectify the problem and help users.

Until the Solana cyberattack probe is concluded, Slope has advised its users to create a “new, unique seed phrase wallet, and transfer all assets to this new wallet.” It also cautioned not to use the same seed phrase on the new wallet that previous Slope wallet users had. “If you are using a hardware wallet, your keys have not been compromised,” Slope said.

Solana clarified that all hardware-based wallets are secure. 

“This exploit was isolated to one wallet on Solana, and hardware wallets used by Slope remain secure,” Tweeted Solana.

How Hackers Conducted The Hacks?

According to a Tweet by Solana, “after an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. There is no evidence the Solana protocol or its cryptography was compromised.”

PeckShield said “the widespread hack on Solana wallets is likely due to the supply chain issue exploited to steal/uncover user private keys behind affected wallets.”