The Solana network has fallen prey to yet another exploit. There is no confirmation if the attack has stopped or is still ongoing. Nonetheless, 8000 wallets have reportedly been affected so far. Additionally, over $7 million worth of tokens has been siphoned off.
In the late hours of the 2nd of August, Tuesday, users reported that their funds from hot wallets such as Phantom, Slope, and TrustWallet, were being drained. The funds, they said, were being moved without their knowledge. One common trope among the affected wallets is that many were inactive for more than six months. Stolen funds included SOL and SPL (USDC), among others.
So far, hardware wallets have not been impacted.
Additionally, Phantom has clarified that the attack is not specific to its wallets.
Who is behind the Solana attack? And how was it carried out?
The attacker managed to approve transactions on behalf of the victims without their knowledge. Reliable third-party service was possibly hacked in a so-called supply chain attack, and the hacker somehow got access to the private keys of the victims.
Initially, there was suspicion of Solana-based NFT (non-fungible token) marketplace Magic Eden. But this lead wore off as the attack went on. Magic Eden has advised users to change their settings and revoke permissions for suspicious links.
According to Matt Dagen, “Luca Stealer” is a possible suspect behind the Solana exploit.
A Rust-written malware that steals information recently made its source code available on hacker forums. The spyware steals cookies, login credentials, and saved credit card information. There have been rumors that the malware was employed in the assault. The virus targets browser extensions for cold and hot wallets, including Steam accounts, Discord, and others. Dagen compares the Solana attack with the Luca Stealers’ method and outlines the similarities. Nonetheless, there are some differences as well. However, whether Luca Stealer is the actual hacker is not yet confirmed.
This is not the first time the Solana network has been hacked. Unfortunately, the root cause of Tuesday’s attack is still unknown. Moreover, there is no confirmation on whether the attack has ceased. Thus, hot wallets are still considered vulnerable.
At press time, Solana (SOL) was trading at $39.33, down by 1.9% in the last hour.