Today, one of the most curious hacks in the crypto scene occurred. More than $6,000,000 in Solana and USDC was stolen from over 8,000 Solana wallets. The hacker used private keys to drain user funds, which is why it is considered one of the most mysterious hacks in the crypto industry so far. We will show you what happened and how you can protect yourself.
Timeline – How the Solana Hack Happened
It all started this morning, when some users noticed unusual outflows from Phantom wallets on Solana. Numerous reports then appeared on social media that users were transferring funds out of their wallets en masse. Phantom responded with a statement that this was not a “Phantom-specific problem”.
We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem. At this time, the team does not believe this is a Phantom-specific issue.
As soon as we gather more information, we will issue an update.
– Phantom (@phantom) August 3, 2022
A short time later, the developer and auditor 0xfoobar discovered that the hackers were stealing both Solana and USDC from Slope and Phantom wallets.
🚨 Widespread Solana private key compromise 🚨
– attacker is stealing both native tokens (SOL) and SPL tokens (USDC)
– affecting wallets that have been inactive for >6 months
– both Phantom & Slope wallets reportedly drained pic.twitter.com/AkZXOGLD0Q
– foobar (@0xfoobar) August 3, 2022
The best thing to do in such a situation is to immediately revoke access to all linked dApps in order to reduce the likelihood of being hacked yourself.
AVAX co-founder el33th4xor claimed relatively quickly that the attacker had gained access to private keys and was therefore able to transfer the money. There are two theoretical possibilities for this. The first is a “supply chain attack”, in which the hackers would have had to compromise a JS library and use it to steal the private keys. The second is a browser exploit. However, this seems extremely unlikely, since it would have had to affect several Internet systems, and in this hack only Solana was hit. In addition, Emin Gün Sirer noted that hardware wallets and tokens on centralized exchanges are not at risk.
In all cases, hardware wallets and CEXes seem unaffected, so those of you holding your Sol assets on those systems ought to be fine.
– Emin Gün Sirer🔺 (@el33th4xor) August 3, 2022
After hours of speculation, Solana responded on Twitter that more than 7,767 wallets had been affected by the exploit.
An exploit allowed a malicious actor to drain funds from a number of wallets on Solana. As of 5am UTC approximately 7,767 wallets have been affected.
The exploit has affected several wallets, including Slope and Phantom. This appears to have affected both mobile and extension.
– Solana Status (@SolanaStatus) August 3, 2022
Solana RPC nodes fail for no reason
The situation got worse when some RPC nodes started reporting as “offline”. This suggested that the Solana network had gone down, which caused more panic on Twitter.
lmao you can’t make this up – some madlad started DOSing the hacker which caused the RPC nodes to start failing
FYI – the chain is fine pic.twitter.com/AzbEvFLft4
– mert / Helius ☀ (@0xMert_) August 3, 2022
The reason for this is an alleged counterattack on the hacker. According to the theory, the developers are said to have carried out several DDoS attacks on the nodes in order to slow down the hack. What remains worrying, however, is that the exact cause of the failure is still not clear.
Solana Hack – No exact cause or goal known so far
Even Solana co-founder Anatoly could not say what the cause and the exact goal of the hack were. Most likely, iOS-imported wallets were the main target. The Solana developers are currently asking users for data to try to get to the bottom of the exploit. Solana’s latest update states that the cause of the hack does not appear to be a bug in the Solana core code.
This does not appear to be a bug with Solana core code, but in software used by several software wallets popular among users of the network.
Updates will be posted to https://t.co/ivyoIbdCDP as they become available. 2/2
– Solana Status (@SolanaStatus) August 3, 2022
It should therefore be noted that the Solana network itself was not hacked; rather, “third-party” plugins were used to gain access to the funds.
Impact on the price of Solana
After the events became known, the price of the cryptocurrency Solana fell by more than 10%. The hack is a fresh blow to the project's image and unsettles investors. In addition, the failure of the RPC nodes is another setback. However, it seems that Solana's code is not directly affected. This realization is currently providing a little reassurance, and Solana was therefore able to regain almost 5%. The coin currently costs $40.28. But since the causes have not yet been clarified, one should not become too euphoric. Considering the events, Solana is therefore a very risky investment.
Crypto Hacks Are On the Rise – How Do I Protect Myself?
Unfortunately, the Solana exploit is no longer an isolated case. Only yesterday, the fourth largest hack in crypto history took place: due to an update error, more than $190 million was stolen from the Nomad Bridge. The crypto market has consequently become a popular target for hackers. This makes it all the more important for retail investors to protect their funds in a high-risk environment. It is particularly striking that hardware wallets are unaffected by almost every hack. That’s why the motto has developed in the crypto space: “Not your keys, not your coins.” So if you want to be one hundred percent sure about security and want to protect your money from hacker attacks or bankruptcies, you will not be able to get around a hardware wallet. Only those who hold their coins themselves will, with high probability, remain safe from such events.