Crypto Beginner

Solana wallets breached in multi-million dollar hack

solana wallet hack

Attention investors, traders, and Web 3.0 BUIDLers! There has been a breach. A breach specifically affecting the Solana ecosystem for now! Solana-specific wallets— Phantom, Trust, and Slope have been the focal points of this attack.

What’s happening with Solana?

The ongoing exploit seems to be draining online wallets, with multiple users complaining about lost funds, almost $5 million in total. As of now, over 8000 wallets have been attacked. And it’s not just SOL that is being aimed at by the attackers.

Several users have also reported losing their USDC tokens.

Note: USDC tokens are SPL or Solana Program Library tokens and represent the assets that can live in Solana’s ecosystem.

How did Solana wallets get compromised?

While the exact reason for the exploit is still being investigated, initial trends suggest that the exploit is more of a mobile-specific issue tied explicitly to the Slope wallet.

Consider this: every online wallet that resides on your phone requires a private key to allocate an address. The private key is the one that you need to be most concerned about. However, private keys aren’t fixed, but a set of random numbers and figures generated primarily by the core hardware (mobile system) the wallet is on.

Currently, the process of randomization specific to the mobile devices having these wallets functional seems flawed. Hence, the private keys are getting widely compromised, and concerned wallets are drained.

Recent developments suggest that all the affected addresses originated from the Slope wallet applications. Some addresses were created on Slope while some were imported or even used there.

The private key exploit, which is gaining certainty over time, seems to have been initiated at Slope’s end with Slope developers pushing the ‘Plain Seed Phrases’ to third-party resources and servers.

A blunder, indeed!

Another reason could be the seed phrase compromise. For those unfamiliar, a seed phrase is a random set of terms generated by your crypto wallet during the initial setup. The seed phrase can be useful if you forget the wallet password and plan on resetting it. In the case of online wallets, having the seed phrase stored on the hardware disk also seems like a reason behind the ecosystem-wide exploit.

What can users do to keep their crypto secure?

The best way to sort this out is to get hold of a reliable hardware wallet and transfer funds from the online wallet to the hardware/cold wallet (wallet with no internet connectivity).

In case that’s not an option and you are still stuck inside those non-custodian wallets (Phantom, Slope, and Trust), try heading over to the wallet ‘Settings,’ ‘Trusted Apps’, and revoke third-party app access or suspicious link permissions.

Note: Trusted apps are no good. They are only meant to connect the crypto wallet to websites to speed up things when you visit next— more like a website cache.

A recent Twitter space conducted by Wallet Guard had experts suggesting the use of desktop wallets in the interim as all the reported breaches have been mobile-focused. Yet, this solution seems largely speculative for now and requires hard pieces of evidence.

What can BUIDLers do?

BUIDLers, who are planning to start their projects on specific ecosystems, including Solana, should be more careful now. Here are the steps to avoid losing face in the future:

  1. Check the history of the ecosystem wallets in case you want to go non-custodial while incentivizing the project.
  2. Move to larger ecosystems where attacks aren’t common or take time to spread out. (The latest Solana exploit drained 5000+ wallets in under 30 minutes).
  3. Try storing seed phrases elsewhere, preferably somewhere offline.
  4. Even though wallets like Phantom removed auto approvals long ago, check for the wallets that still allow third-party auto approvals and revoke permissions beforehand.
  5. Keep doing your own research and educating yourself before entering any project and eventually using the project/ecosystem resources for incentivizing innovation.

What is the current situation?

The price of Solana’s native token SOL has dipped close to 2% since news of the breach surfaced (as of 5.40 PM, 4 August). With regards to plugging the loophole, Solana has self-initiated a DDoS (distributed denial of service) attack to take the RPC or real-to-virtual connecting nodes offline. Yes, another outage, but this time for a good cause.

It has come to light that the widespread attack had nothing to do with the Solana protocol or the associated cryptography required to generate private keys. It was all Slope. Even the Phantom wallets that were drained had previously interacted with corresponding Slope wallets.

Here is a tweet thread by Solana Status, retweeted by Solana’s official Twitter hand:


We believe that this discussion is just the tip of this exploit-specific iceberg. We expect more things to come to light and will keep updating the post, in case some new information shows up. Investors should be vigilant and take all possible necessary precautions to safeguard their funds.


How many times has Solana been hacked?

Solana, like any blockchain or cryptocurrency project, has experienced various security-related incidents, including potential vulnerabilities, attacks, or exploits. However, I don’t have real-time information, and the number of times Solana has been hacked or faced security issues may have changed since then.

Has phantom wallet ever been hacked?

If there have been any security incidents or concerns regarding the Phantom wallet, the official channels would likely provide information on the incident, steps taken to address it, and recommendations for users. Always be cautious and follow security best practices when using any cryptocurrency wallet, such as using secure passwords, enabling two-factor authentication, and keeping your recovery phrases secure.

What happened to Solana wallet?

If there have been security issues or updates related to Solana wallets, the official sources would provide information on the incident, steps taken to address it, and any recommendations for users. Additionally, news articles and reputable cryptocurrency news sources may cover significant events related to Solana or its associated wallets.

What is the most secure Solana wallet?

When using any wallet, follow these general security practices:
– Ensure that you download wallets from official sources.
– Use hardware wallets for an added layer of security, especially for larger amounts.
– Keep your wallet software updated to benefit from the latest security patches.
– Safeguard your private keys and recovery phrases; never share them with anyone.

Before choosing a wallet, check for user reviews, community feedback, and the reputation of the wallet provider. Cryptocurrency wallets involve handling valuable assets, so security is of utmost importance. Always exercise due diligence and stay informed about the latest security recommendations for the specific wallet you choose.

Article Default Disclaimer

Share this:


Subscribe to our newsletter

Weekly crypto updates and insights delivered to your inbox.

Browse our Newsletter Archive for past editions.


Thank you for subscribing!
Please verify your email to start receiving the latest issues from Switch in your Inbox.
Powered by

Build your crypto portfolio on the
CoinSwitch app today

Scan the QR code below or find us on Google Play
Store or Apple App Store.

Build your crypto portfolio on the
CoinSwitch app today

Scan the QR code below or find us on Google Play Store or Apple App Store.