Solana-Based Wallet Users Drained in Suspected Exploit
Users of Solana-based digital wallet Phantom are claiming millions have been stolen from an exploit linked to the wallet or Magic Eden, an NFT marketplace denominated in the network’s native token SOL.
According to several users and market participants, the exploit on either the Solana network or the wallet is draining users’ funds despite being disconnected from web browsers or actioning any transfers. Exact details of the exploit are not yet known.
Users said they are receiving notifications that they are sending tokens to an unknown set of addresses. The total amount of funds drained so far is suspected of totaling more than $6 million in SOL. Blockworks was unable to immediately independently verify that figure.
some exploit either with @phantom or @MagicEden, drained 6mil in like 10 mins literally every phantom wallet getting compromised, not sure if any other wallets too pic.twitter.com/dVtksoMeye— Paladin (@nftpeasant) August 2, 2022
The exact amount stolen from users’ wallets is not yet known. Representatives from Phantom and Magic Eden did not immediately return requests for comment.
One user, going by the handle @Paladin on Twitter, told Blockworks several people familiar with the situation had their wallets “drained randomly.”
“They lost thousands and most of their money, so they are quite depressed,” they said. “Move coins to a ledger and disconnect every trusted website.”
Paladin pointed to two large wallet addresses suspected of belonging to the exploiter which have a combined balance of roughly 37,777 SOL (US$1.5 million). A third wallet, with roughly 2,402 SOL ($95,000) is continuing to see funds drained to its address as a result of the exploit, Paladin said.
The exploit appears to be impacting all Solana-based tokens with recommendations for moving coins to a ledger, revoking trusted apps like Magic Eden or locking them up via staking.
Hacks and exploits relating to DeFi and NFTs continue to mount. Last month, Blockworks reported hacks totaled more than $1.2 billion for the first quarter of this year alone in what appears to be an increase in frequency for the budding sector.
Continuous hacks “is fundamentally an unsolvable problem,” Immunefi’s CEO Mitchell Amador told Blockworks in an interview at the time. “We knew things were going to go in this direction. The volatility is a part of crypto, the amount of money flowing in was going to increase.”
Back to the list