Here’s Everything We Know About The Solana Exploit

Paigambar Mohan Raj
Source: Preemo

The Solana network has fallen prey to yet another exploit. There is no confirmation of whether the attack has stopped or is still ongoing. Nonetheless, 8000 wallets have reportedly been affected so far, and over $7 million worth of tokens has been siphoned off.

Late on Tuesday, the 2nd of August, users reported that funds were being drained from their hot wallets, such as Phantom, Slope, and TrustWallet. The funds, they said, were being moved without their knowledge. One common trait among the affected wallets is that many had been inactive for more than six months. Stolen funds included SOL and SPL tokens (USDC), among others.

So far, hardware wallets have not been impacted.

Additionally, Phantom has clarified that the attack is not specific to its wallets.

Who is behind the Solana attack? And how was it carried out?

The attacker managed to approve transactions on behalf of the victims without their knowledge. A trusted third-party service was possibly compromised in a so-called supply chain attack, and the attacker somehow obtained the victims’ private keys.

Initially, suspicion fell on the Solana-based NFT (non-fungible token) marketplace Magic Eden, but this lead faded as the attack went on. Magic Eden has advised users to change their settings and revoke permissions for suspicious links.

According to Matt Dagen, “Luca Stealer” is a possible suspect behind the Solana exploit.

Luca Stealer is information-stealing malware written in Rust whose source code was recently made available on hacker forums. It steals cookies, login credentials, and saved credit card information. There have been rumors that the malware was employed in the attack. It targets browser extensions for cold and hot wallets, as well as Steam accounts, Discord, and others. Dagen compares the Solana attack with Luca Stealer’s method and outlines the similarities, though there are some differences as well. Whether Luca Stealer is actually behind the attack is not yet confirmed.

This is not the first time the Solana network has been hacked. Unfortunately, the root cause of Tuesday’s attack is still unknown. Moreover, there is no confirmation on whether the attack has ceased. Thus, hot wallets are still considered vulnerable.

At press time, Solana (SOL) was trading at $39.33, down by 1.9% in the last hour.