
Solana wallets breached in multi-million dollar hack


Attention investors, traders, and Web 3.0 BUIDLers! There has been a breach, one that, for now, specifically affects the Solana ecosystem. Solana-specific wallets, namely Phantom, Trust, and Slope, have been the focal points of this attack.

What’s happening with Solana?

The ongoing exploit seems to be draining online wallets, with multiple users reporting lost funds totalling almost $5 million. As of now, over 8000 wallets have been attacked, and SOL is not the only asset the attackers are after.

Several users have also reported losing their USDC tokens.

Note: On Solana, USDC is an SPL (Solana Program Library) token, the token standard for assets that live in Solana’s ecosystem.

How did Solana wallets get compromised?

While the exact reason for the exploit is still being investigated, initial trends suggest that the exploit is more of a mobile-specific issue tied explicitly to the Slope wallet.

Consider this: every online wallet on your phone derives its address from a private key, and that private key is what you need to be most concerned about. Private keys are not fixed values; each is a random number generated primarily by the device (the mobile system) the wallet runs on.

At present, the randomization process on the mobile devices running these wallets appears flawed. As a result, private keys are being widely compromised and the affected wallets drained.

Recent developments suggest that all the affected addresses originated from the Slope wallet application. Some addresses were created on Slope, while others were imported into it or merely used there.

The private key exploit, which is looking more certain over time, seems to have originated at Slope’s end, with Slope developers pushing users’ seed phrases in plaintext to third-party resources and servers.

A blunder, indeed!

Another reason could be seed phrase compromise. For those unfamiliar, a seed phrase is a random set of words generated by your crypto wallet during initial setup. The seed phrase is useful if you forget the wallet password and plan to reset it. In the case of online wallets, the seed phrase being stored on the device’s storage also seems to be a factor behind the ecosystem-wide exploit.
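The failure described above, a seed phrase leaving the device inside telemetry sent to third-party servers, is exactly what an outbound scrubber in the wallet’s error-reporting client is meant to stop. The following is an added example, not code from Slope, Solana, or this post; it assumes a constructed subset of the BIP39 wordlist in place of the full list:

```javascript
// Added example, not Slope's or Solana's code: a scrubber that a wallet's
// crash/telemetry client runs on every outgoing event so a BIP39 seed phrase
// never leaves the device for a third-party server.
// ASSUMPTION: a real deployment loads the full 2048-word BIP39 English
// wordlist; this constructed subset keeps the demo self-contained.
const BIP39_SUBSET = new Set([
  "abandon", "ability", "able", "about", "above", "absent", "absorb",
  "abstract", "absurd", "abuse", "access", "accident", "account", "accuse",
  "achieve", "acid", "acoustic", "acquire", "across", "act", "action",
]);
// Valid mnemonics are 12, 15, 18, 21 or 24 words, so any run of 12 or more
// consecutive wordlist words is treated as a seed phrase; over-redacting a
// plain English sentence is the cheap failure mode here.
const MIN_MNEMONIC_WORDS = 12;

// True when `text` contains a run of at least 12 consecutive wordlist words.
function containsMnemonic(text) {
  const words = text.toLowerCase().split(/[^a-z]+/).filter(Boolean);
  let run = 0;
  for (const w of words) {
    run = BIP39_SUBSET.has(w) ? run + 1 : 0;
    if (run >= MIN_MNEMONIC_WORDS) return true;
  }
  return false;
}

// Walk the event and replace any string that carries a mnemonic, whether it
// sits in the message, a breadcrumb, or a nested "extra" field. Returns a
// new object; the original event is left untouched.
function scrubEvent(value) {
  if (typeof value === "string") {
    return containsMnemonic(value) ? "[REDACTED SEED PHRASE]" : value;
  }
  if (Array.isArray(value)) return value.map(scrubEvent);
  if (value !== null && typeof value === "object") {
    const out = {};
    for (const [k, v] of Object.entries(value)) out[k] = scrubEvent(v);
    return out;
  }
  return value;
}

// Constructed sample event: the nested `mnemonic` field mimics an import form
// being attached to an error report by mistake.
const sampleEvent = {
  message: "wallet import failed",
  extra: {
    mnemonic: "abandon ability able about above absent absorb abstract absurd abuse access accident",
    network: "mainnet-beta",
  },
};
console.log(JSON.stringify(scrubEvent(sampleEvent), null, 2));
```

The same function can be registered as the `before_send` style hook that most crash-reporting SDKs expose, so the redaction happens before any network call.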

What can users do to keep their crypto secure?

The best way to sort this out is to get a reliable hardware wallet and move funds from the online wallet to that hardware/cold wallet (a wallet with no internet connectivity).

In case that’s not an option and you are still stuck inside those non-custodial wallets (Phantom, Slope, and Trust), go to the wallet’s ‘Settings’, then ‘Trusted Apps’, and revoke third-party app access and any permissions granted to suspicious links.

Note: You lose little by revoking trusted apps. They exist only to reconnect the crypto wallet to websites faster on your next visit, much like a website cache.

In a recent Twitter Space hosted by Wallet Guard, experts suggested using desktop wallets in the interim, as all the reported breaches have been mobile-focused. Yet this advice remains largely speculative for now and needs hard evidence.

What can BUIDLers do?

BUIDLers, who are planning to start their projects on specific ecosystems, including Solana, should be more careful now. Here are the steps to avoid losing face in the future:

  1. Check the track record of the ecosystem’s wallets if you plan to go non-custodial while incentivizing the project.
  2. Move to larger ecosystems where attacks aren’t common or take time to spread. (The latest Solana exploit drained 5000+ wallets in under 30 minutes.)
  3. Store seed phrases elsewhere, preferably somewhere offline.
  4. Even though wallets like Phantom removed auto-approvals long ago, check for wallets that still allow third-party auto-approvals and revoke those permissions beforehand.
  5. Keep doing your own research and educating yourself before entering any project and eventually using the project/ecosystem resources for incentivizing innovation.

What is the current situation?

The price of Solana’s native token SOL has dipped close to 2% since news of the breach surfaced (as of 5.40 PM, 4 August). As for plugging the loophole, Solana has self-initiated a DDoS (distributed denial of service) attack to take the RPC (remote procedure call) nodes offline. Yes, another outage, but this time for a good cause.

It has come to light that the widespread attack had nothing to do with the Solana protocol or the associated cryptography required to generate private keys. It was all Slope. Even the Phantom wallets that were drained had previously interacted with corresponding Slope wallets.

Here is a tweet thread by Solana Status, retweeted by Solana’s official Twitter hand:

Bottom-Line

We believe this discussion is just the tip of the iceberg for this exploit. We expect more to come to light and will keep updating this post as new information appears. Investors should be vigilant and take all necessary precautions to safeguard their funds.

Disclaimer: Crypto products and NFTs are unregulated and can be highly risky. There may be no regulatory recourse for any loss from such transactions. The information provided in this post is not to be considered investment/financial advice from CoinSwitch. Any action taken upon the information shall be at the user’s own risk.
