A number of Solana wallets were attacked tonight, including one of the main ones in the ecosystem, Phantom.
🚨 Widespread Solana private key compromise 🚨
– attacker is stealing both native tokens (SOL) and SPL tokens (USDC)
– affecting wallets that have been inactive for >6 months
– both Phantom & Slope wallets reportedly drained pic.twitter.com/AkZXOGLD0Q
— foobar (@0xfoobar) August 3, 2022
In total, officially, 7,767 wallets were hacked, from which about $5 million were allegedly stolen.
Big news – @Solana hack!
In an unknown way scammers are withdrawing $SOL from the wallets of ordinary users right now!
The amount of stolen funds currently exceeds $5 million. I recommend unlinking your wallet from all sites so they don’t have access to your assets! pic.twitter.com/NVI5ULeCdB
— CIA Officer (@officer_cia) August 2, 2022
The attackers managed to seize the private keys of these wallets that had been inactive for more than 6 months, whereas the hardware wallets would be safe.
How the attack on Solana’s wallets happened
Once they got hold of the private keys, they took away both native SOL tokens and SPL tokens, such as USDC.
At this time, the cause of the problem that allowed the attackers to take possession of the private keys is still unknown.
So far, nothing regarding this attack has been posted on Solana’s main and official Twitter profile, with nearly two million followers. Instead, some tweets have been posted on the Solana Status profile, which has fewer than 90,000 followers.
Since the cause is not known, it is also not possible to completely rule out the possibility that all other unattacked wallets are safe. The only thing that seems to be certain is that hardware wallets do not appear to be affected by this problem.
Engineers from multiple ecosystems, with the help of several security firms, are investigating drained wallets on Solana. There is no evidence hardware wallets are impacted.
This thread will be updated as new information becomes available.
— Solana Status (@SolanaStatus) August 3, 2022
The unofficial analysis would indicate that funds have been stolen from wallets linked to some online Apps, so it is recommended that all wallets be disconnected from all Apps momentarily.
These Apps would include Solana NFT Magic Eden and SolaLand.
The wallets targeted in the attack would be the Chrome Phantom and Slope extensions.
How the price of SOL reacted in the market
Curiously, the price of SOL on the market is only losing 4%, although at the time the news broke it dropped suddenly from $41 to $38. But then it recovered slightly.
It is possible that the attack is not due to a problem in Solana’s blockchain, but to some vulnerability in the wallets or Apps to which they are connected.
It is worth noting that Solana has already had several other problems in the past months, albeit different from this one.
Meanwhile, Solana is opening a physical store in New York that aims to be “the Apple Store of the cryptocurrency world”. The project is called “Solana Spaces” and aims to attract the interest of those who are still far from Web3 through initiatives and events to create a broader user base.