Key Takeaways:
Solana’s price fell dramatically within hours, and it is reported that more than 5,000 wallets are affected. The fact that the owners themselves are signing these transactions raises suspicions of a compromised private key.
Late Tuesday night, an unidentified assailant stole Solana and USDC worth countless millions of dollars from thousands of wallets. The attack, which was still active at 8:00 PM PST, appeared to come from the Phantom wallet on the Solana browser and was thought to have compromised user keys. It may have involved seed phrases that were repurposed by various wallets on various chains.
As of now (1, 2, 3, 4), several Solana addresses have been connected to the attack, and those wallets have stolen at least $5 million worth of SOL, SPL, and other tokens from unwary users. The attack is still progressing.
In the last few hours, “over 5,000 Solana wallets have been depleted,” according to blockchain auditing company OtterSec. The fact that the owners of these transactions are signing them suggests a compromised private key.
Preliminary reports specifically called out the Solana ecosystem and the Phantom browser wallet. As of this writing, the news has already caused an 8% decline in Solana’s valuation in the last two hours.
Crypto investor and analyst Miles Deutscher stated that an unidentified $SOL exploit was currently draining arbitrary Phantom wallets. “$6 million is currently being stolen. Make sure to remove all permissions and transfer your funds to a hardware wallet if you have money on Phantom.”
There's an unknown $SOL exploit currently draining random Phantom wallets right now. ⚠️ $6m currently stolen. If you have funds on Phantom, make sure to revoke all permissions + move to a hardware wallet. — Miles Deutscher (@milesdeutscher) August 3, 2022
Popular Solana NFT marketplace Magic Eden also posted a warning about the flaw on Twitter.
The account claimed that “there appears to be a widespread SOL exploit at play that’s draining wallets throughout the ecosystem.” Magic Eden gave instructions on how to disable permissions for dubious links in the tweet.