UnSOLved Mysteries
The crypto hacks just keep coming.
Pandemonium hit Solana last week when users reported that their internet-connected “hot” wallets had been drained. Over 8,000 wallets have been affected so far, resulting in almost $5 million in losses.
As of now, there are over 8,000 victims and counting
dune.com/queries/1131425
— OtterSec (@osec_io)
2:34 AM • Aug 3, 2022
Making matters worse is the fact that we’re not out of the woods yet. The cause of the hack has still not been identified, so those numbers continue to rise.
The Hack
News of the attack first came on Tuesday, August 2, around 8:00 PM EST, when users reported that both their mobile and desktop hot wallets, including popular options Phantom and Slope, had been mysteriously and suddenly drained.
🚨🚨🚨There seems to be a widespread SOL exploit at play that's draining wallets throughout the ecosystem
Here's what you can do right now to best protect yourself
1. Go to >Settings on your @phantom wallet
2. >Trusted Apps
3. >Revoke Permissions for any suspicious links💜
— Magic Eden 🪄 (@MagicEden)
12:08 AM • Aug 3, 2022
The attack itself is straightforward. Somehow the attackers gained access to people’s private keys. Whoever holds a wallet’s private key can sign and approve any transaction from it, so the attackers could act on the victims’ behalf. At that point, all they needed to do was transfer the funds out of each compromised wallet and into their own.
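As an added illustration of the paragraph above, not code from CoinSnacks or from any wallet project, the following Go program models why a leaked private key is enough on its own: the network only checks that the signature verifies under the sending key, so a transfer signed by whoever holds a copy of that key is indistinguishable from one the owner signed. The message layout, the keys, the balance and the ColdSigner type are all constructed for the example; Solana’s real transaction format is not reproduced, only its ed25519 signing.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Transfer is a simplified, constructed transfer message. It is not the real
// Solana transaction layout; only who can sign it matters for this example.
type Transfer struct {
	From     ed25519.PublicKey
	To       ed25519.PublicKey
	Lamports uint64
}

// Bytes serializes the message that gets signed: from || to || amount.
func (t Transfer) Bytes() []byte {
	buf := make([]byte, 2*ed25519.PublicKeySize+8)
	copy(buf, t.From)
	copy(buf[ed25519.PublicKeySize:], t.To)
	binary.BigEndian.PutUint64(buf[2*ed25519.PublicKeySize:], t.Lamports)
	return buf
}

// NewKeypair creates a fresh ed25519 keypair, the key type Solana accounts use.
func NewKeypair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// HotSign models a hot wallet: the private key is in the app's memory and
// signs directly, so anything that reads that memory or the stored seed can
// produce the very same signature.
func HotSign(priv ed25519.PrivateKey, t Transfer) []byte {
	return ed25519.Sign(priv, t.Bytes())
}

// ColdSigner models a hardware wallet (constructed type): the key stays inside
// the device and the host only passes message bytes in and gets a signature back.
type ColdSigner struct{ priv ed25519.PrivateKey }

func (c *ColdSigner) SignBytes(msg []byte) []byte { return ed25519.Sign(c.priv, msg) }

// Accept is the whole of what the network checks: does the signature verify
// under the From key? It cannot tell who was holding that key at the time.
func Accept(t Transfer, sig []byte) bool {
	return ed25519.Verify(t.From, t.Bytes(), sig)
}

// Scenario walks through the drain with constructed keys and returns
// (ownerAccepted, attackerWithLeakedKeyAccepted, attackerWithoutKeyAccepted).
func Scenario() (bool, bool, bool) {
	ownerPub, ownerPriv := NewKeypair()
	merchantPub, _ := NewKeypair()
	attackerPub, attackerPriv := NewKeypair()
	const balance uint64 = 2_000_000_000 // 2 SOL in lamports, constructed

	// 1. The owner pays a merchant: valid, as expected.
	payment := Transfer{From: ownerPub, To: merchantPub, Lamports: 50_000_000}
	ownerOK := Accept(payment, HotSign(ownerPriv, payment))

	// 2. The attacker holds a leaked copy of ownerPriv (however it leaked).
	//    The drain of the full balance is just as valid as the payment above.
	leaked := append(ed25519.PrivateKey(nil), ownerPriv...)
	drain := Transfer{From: ownerPub, To: attackerPub, Lamports: balance}
	leakedKeyOK := Accept(drain, HotSign(leaked, drain))

	// 3. Without the key the attacker can only sign with their own key, which
	//    does not match From, so the network rejects the transfer.
	noKeyOK := Accept(drain, HotSign(attackerPriv, drain))

	return ownerOK, leakedKeyOK, noKeyOK
}

// ColdMatchesHot shows that a hardware signer produces exactly the signature a
// hot wallet would for the same key and message (ed25519 signing is
// deterministic). The security difference is where the key lives, not what it
// signs: a cold wallet's key is never inside the phone or browser process.
func ColdMatchesHot() bool {
	pub, priv := NewKeypair()
	dest, _ := NewKeypair()
	t := Transfer{From: pub, To: dest, Lamports: 1}
	cold := &ColdSigner{priv: priv}
	hostSig := cold.SignBytes(t.Bytes()) // only the message crosses to the device
	return Accept(t, hostSig) && string(hostSig) == string(HotSign(priv, t))
}

func main() {
	ownerOK, leakedKeyOK, noKeyOK := Scenario()
	fmt.Printf("owner transfer accepted:        %v\n", ownerOK)
	fmt.Printf("drain with leaked key accepted: %v\n", leakedKeyOK)
	fmt.Printf("drain without key accepted:     %v\n", noKeyOK)
	fmt.Printf("cold signer matches hot wallet: %v\n", ColdMatchesHot())
}
```

The second and third cases are the whole story of this incident: once a key has left the device, revoking app permissions or patching the wallet software does nothing for funds still sitting under that key, which is why the advice further down is to move them.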
Investigators still have no idea how the private keys were compromised. Right now, it doesn’t look like this was an issue with Solana itself, but instead with the wallets. Some possible explanations being thrown out there include a browser extension leak, mobile malware, or, as Solana co-founder Anatoly Yakovenko speculates, an iOS supply chain attack.
Seems like an iOS supply chain attack. Multiple plausible wallets that only received sol and had no interactions beyond receiving have been affected.
explorer.solana.com/address/5Fh8K2…
As well as keys that were imported into iOS and generated externally.
explorer.solana.com/address/Dojowi…
— toly 🇺🇸 (@aeyakovenko)
8:26 AM • Aug 3, 2022
Until the investigation is complete and the hack is patched, it is probably a good idea to move any funds out of Solana hot wallets (especially Phantom and Slope) and into either a centralized exchange or a cold wallet.
Wallet Safety Reminders
Regardless of what investigators eventually find, this hack is a harsh reminder of the dangers of keeping funds in a hot wallet.
What hot wallets gain in speed and convenience over their cold wallet counterparts, they lose in security. Being constantly connected to the internet means that they are in constant danger. Sometimes, like in the current Solana hack, exploits happen due to conditions entirely out of your control.
For maximal safety:
Only keep funds you are willing to lose in a hot wallet.
Keep the rest in a cold wallet (Ledger, Trezor, etc.).
Never, ever, tell anybody your seed phrase.