Millions Drained in Widespread Solana Wallet Exploit

Multiple people took to Twitter on Wednesday to report funds being drain from their Solana-based wallets, including Phantom, Slope, and TrustWallet.
Although it is a widespread Solana exploit, with around 8,000 wallets being compromised, its root cause remains unknown.

by Krasimir Buchvarov – August 3, 2022, 10:55 AM

Shutterstock

It appears that the Solana ecosystem has fallen victim to a widespread wallet exploit, which has resulted in funds being drained from thousands of crypto wallets, Solana users reported via Twitter on 3 August.

Multiple people have complained that their funds have been drained from their hot wallets — including Phantom, Slope, and TrustWallet — without their knowledge, with Solana Status estimating that almost 8,000 wallets were compromised in the exploit. Several Solana addresses have already been connected to the attack, , with blockchain investigator PeckShield estimating that the loss to the ecosystem was around $8 million.

#PeckShieldAlert The widespread hack on Solana wallets is likely due to the supply chain issue exploited to steal/uncover user private keys behind affects wallets. So far, the loss is estimated to be $8M, excluding one illiquid shitcoin (only has 30 holds & maybe misvalued $570M) pic.twitter.com/aTGNsTc6d8
— PeckShieldAlert (@PeckShieldAlert) August 3, 2022

Several ecosystem engineers, security firms, and Solana-based platforms have already began investigations into the exploit, which allowed the attacker to sign transactions on behalf of other users. Although it appears that this is a widespread Solana exploit, its root cause remains unknown.

Engineers from multiple ecosystems, with the help of several security firms, are investigating drained wallets on Solana. There is no evidence hardware wallets are impacted.

This thread will be updated as new information becomes available.
— Solana Status (@SolanaStatus) August 3, 2022

Prominent crypto exchange CEOs — including OKX’s Jay Hao, Binance’s Changpeng Zhao, and KuCoin’s Johnny Lyu — noted they were in contact with the Solana team, and have blocked the suspicious addresses as requested. They also took the chance to recommend to Solana users to move their holdings to their platforms as an immediate security measure.

Discussion

Related Coverage

Balancer Exploited After Giving Warning

DeFi protocol Balancer confirmed it was exploited almost a week after disclosing a critical vulnerability affecting several of its boosted pools.
The platform did its best to mitigate some of the risks but was unable to pause the affected pools, and an estimated $980,000 in DAI were stolen in an attack.

August 28, 2023, 1:55 PM

Shutterstock

Zunami Protocol’s Stablecoin Pools Exploited, Suffers $2.1M Loss

DeFi yield aggregator Zunami Protocol confirmed that a hacker had attacked its “zStables” pools on Curve Finance using a price manipulation exploit.
Security firm PeckShield has estimated that over $2.1 million was lost during the attack, while SlowMist said it had informed Zunami of the vulnerability two months ago.

Curve Exploited for $41M Due to Vyper Vulnerability

Versions 0.2.15, 0.2.16, and 0.3.0 of Vyper have malfunctioning reentrancy locks, which left smart contracts compiled with them vulnerable to reentrancy attacks.
An estimated 460 contracts were compiled using these versions of Vyper which resulted in millions being lost to attacks, with Curve Finance reportedly losing $41 million.