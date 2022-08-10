Unknowns have the wallets of numerous users of the . It is still unclear what made the multi-million dollar hack possible.

Wallets of the cryptocurrency Solana have been looted by unknown persons since Tuesday. It is apparently possible for the attackers to carry out a transaction as if they were the owner via holes that are not yet known. According to the reports, the wallet applications Phantom and Slope are particularly affected, as are users of Solflare and Trust Wallet. According to user reviews, this does not seem to be limited to one computing platform. Overall, the attackers are likely to have emptied thousands of wallets and captured coins worth millions. Both Solana’s native currency and tokens were stolen in the process.

So far, the Solana makers have only communicated, that it is probably not a bug in the Solana network itself, but only affects popular wallet software. They are currently still investigating the incident together with developers from different ecosystems and security companies.

Hardware wallets probably not affected

Users of an affected wallet should consider the wallet compromised and stop using it. Hardware wallets, on the other hand, do not seem to be affected. Under no circumstances should you use the cryptographic seed of a robbed wallet again for the hardware wallet. Those who have been stolen are also asked to take part in an online survey for a picture of the situation.

In a tweet Wednesday morning, Solana spoke of 7,767 compromised wallets. According to figures from the Solscan platform, there could be significantly more. Accordingly, coins worth around 4.5 million US dollars were stolen, in front of USDC tokens generated on Solana and the native cryptocurrency Solana. The money went to four different addresses.

According to security researchers from Ottersec it can be observed from the transactions of this hack that they were also cryptographically signed by the original owners. This indicates a compromise of the private keys managed by the wallet.

A supply chain attack?

What made the compromise possible is still unclear. The Solana co-founder Anatoly Yakovenko as well as Emin Gun Sirer, founders of the cryptocurrency Avalanche, speculated about a possible supply chain attack in which libraries used in the wallet applications could have been hacked. According to Yakovenko, many of the affected wallets have only received deposits and have had no interaction with any smart contracts. Guiding unsuspecting users to interact with a malicious smart contract would be a typical approach of a phishing campaign, which was recently aimed primarily at NFT owners.

Solana is one of the top 10 cryptocurrencies with a market capitalization of over $14 billion. The cryptocurrency platform is traded as a hot competitor for Ethereum, even though it has had to struggle with network outages in the past. The Solana exchange rate is currently around 40 US dollars, probably as a result of the hack the currency lost three percent in value.