Users of the Solana digital wallets Phantom and Slope have asserted that an unidentified hack connected to the wallets or linked to trusted apps has resulted in the theft of millions of dollars. Numerous users and market players have reported that an attack on either the Solana network or via native wallets is causing users’ assets to be drained, despite the fact that the users are not linked to any web browsers or carrying out any transactions. The exact nature of the exploit is currently unknown. In addition, the exact amount swiped from user wallets is currently unknown.
Users have reported receiving notifications informing them that they are transferring tokens to an unspecified group of addresses. It is estimated that the entire amount of assets stolen so far amounts to more than $6 million in SOL and comes from more than 7,760 wallets. The total amount seized could not be instantly independently verified by Blockchainreporter.net.
According to the Phantom team, “We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem. “At this time, the team does not believe this is a Phantom-specific issue.”
Millions Of Dollars Drained Out Of User Wallets
Slope, a web-based cryptocurrency wallet, is another service whose users have reported cases of an exploit. It is reported that the attacker is getting away with SOL tokens as well as Solana Program Library (SPL) tokens. Users have reported that numerous people who are knowledgeable about the situation have had their wallets drained arbitrarily. They have lost thousands of dollars and the majority of their money, which has led to their feeling of depression.
In the meantime, specialists have pointed to two large wallet addresses that are believed to belong to the exploiter. These accounts have a total value of over 37,777 SOL, which is equivalent to approximately $1.5 million. A third wallet containing about 2,402 SOL ($95,000) continues to have assets transferred to its address as a result of the hack. In addition, the vulnerability appears to affect all tokens built on the Solana platform, and there are suggestions that coins should be moved to a ledger, trusted applications, such as the NFT marketplace Magic Eden, should be revoked, or they could be staked to prevent access.
A Supply Chain Attack To Steal Users’ Private Keys
Phantom, a rapidly expanding Solana-based wallet that reached a valuation of $1.2 billion in January, has announced that it is collaborating closely with other teams to investigate a vulnerability that has been discovered inside the Solana ecosystem. Phantom’s goal is to find a solution to the problem as soon as possible. However, the team does not feel that this is a Phantom-specific issue at this time. The non-fungible token (NFT) marketplace Magic Eden urged users to remove permissions for any strange URLs in their Phantom wallets, while Slope stated that it is actively working on sorting out the situation as quickly as possible and restoring it to the best of its ability.
Emin Gün Sirer, founder of another prominent blockchain called Avalanche, and other industry leaders have pointed out that the transactions were properly signed, which suggests that the vulnerability could be a supply chain assault that manages to steal users’ private keys. The cause of the attack is yet unknown, but industry leaders have pointed out that the vulnerability exists. There is a high probability that something has led to the widespread compromise of private keys, and users are cautioned that canceling wallet approvals is unlikely to be of any assistance.
Cryptocurrency Heists Getting More Ambitious
The attack on Solana occurred just a few hours after criminal actors took advantage of a “chaotic” security flaw to steal about $200 million worth of digital assets from the cross-chain messaging protocol Nomad. The “free-for-all” attack, in which more than 41 addresses drained $152 million, accounting for 80% of the stolen assets, was made feasible by a recent upgrade to one of Nomad’s smart contracts, which simplified the process of spoofing transactions for users and hence made it easier for users to steal money.
Hacks and vulnerabilities associated with DeFi and NFTs continue to increase. In the first quarter of this year alone, reports revealed that hacks totaled more than $1.2 billion, indicating an increase in frequency for the sector. The CEO of Immunefi at the time, Mitchell Amador, stated in an interview that continuous hacks are essentially intractable. He anticipated that events would take this course, and he thinks that volatility is inherent to crypto. Therefore, the amount of money moving in would increase.
