blockworks.co
Thousands of Solana users have fallen victim to a mysterious exploit that began draining cryptoassets about 18 hours ago. So far over $5.2 million in assets has been stolen, according to estimates from data firm Elliptic, from nearly 8,000 wallets, as tracked by Dune Analytics.
In addition to solana (SOL), a handful of Solana NFTs and over 300 Solana-based tokens were pilfered as well.
The root cause is still unclear, but signs point to a common thread among the affected members of the Solana community — they all interacted with the Slope mobile wallet.
Rather than a flaw in the Solana blockchain itself, the exploit likely stems from a bug in hot wallet software, according to Anatoly Yakovenko, Solana Labs co-founder.
It’s not an L1 related bug. Seems to be isolated to mobile wallets and really likely to be just to users who installed slope. Not much we could do, besides building a mobile phone with secure element pki for crypto.
— SMS T◎ly, 🇺🇸 (@aeyakovenko) August 3, 2022
Solana Status, the blockchain’s hub for data and system performance, initially pointed the finger at software used by several popular wallets.
This does not appear to be a bug with Solana core code, but in software used by several software wallets popular among users of the network.
— Solana Status (@SolanaStatus) August 3, 2022
Updates will be posted to https://t.co/ivyoIbdCDP as they become available. 2/2
Other Twitter users such as @HelpedHope have added to speculation that hot wallets — crypto storage solutions connected to the internet — on various operating systems from both mobile and desktop to iOS and Android were affected, while cold wallets were not.
However, private keys initially generated by another wallet, but then imported into Slope, may have subsequently been leaked, leading to the difficulty pinpointing a chain of events.
This hack, while comparatively smaller than others, is significant because the perpetrator was not thought to be a lone actor, and the attack targeted thousands of individual wallets rather than a central source of funds such as an exchange or inter-blockchain bridge.
Initially promoted as Ethereum’s main competitor, and currently the second-largest blockchain for NFTs after Ethereum, the Solana blokchain has had its share of issues.
Since the beginning of the year, the network has suffered five outages due to consensus failures and has gone offline for multiple hours on end. The latest occurred in June and took 4½ hours to rectify.
The price of the SOL token has fallen nearly 4% in the past 24 hours, at the time of publication, according to data compiled by Blockworks.
Get the day’s top crypto news and insights delivered to your inbox every evening. Subscribe to Blockworks’ free newsletter now.