Over 8,000 wallets were drained of nearly $6 million in Solana and USDC by an unknown attacker overnight on Tuesday. The hack seems to have originated from Solana’s browser-based wallet Phantom and has likely compromised user keys. The attack came mere hours after the Nomad Bridge hack, which saw another unknown attacker get away with nearly $190 million in crypto.
Blockchain audit company OtterSec reported that nearly 5,000 wallets were compromised in a mere few hours, with the count increasing to nearly 8,000 after a while, as reported by @Watcher Guru. The transactions were being signed by the wallet owners themselves, suggesting some sort of private key compromise.
Solana’s value at the time of writing has dropped by 3.5%, with the trading volume going by 72.87% in the last 24 hours as initial reports singled out the Solana ecosystem, including the Phantom wallet. However, the team at Phantom tweeted an update stating that they’re investigating the issue and do not believe it to be Phantom-specific.
Several different crypto wallets and trading platforms have warned their users of the ongoing exploit and are working together to figure out the exact cause and extent of the damage.
Crypto analyst @0xfoobar reported that the attacker is stealing both native and SPL tokens, meaning both SOL and USDC and is affecting wallets that have been inactive for less than six months. He also reported that Phantom isn’t the only wallet affected, as Slope wallets were reportedly drained. OtterSec reported that Phantom, Slope, Solflare and TrustWallet are affected across platforms.
Current mitigations include revoking permissions to any suspicious links in your wallet and moving to a hardware crypto wallet if possible. That said, it doesn’t seem likely that we’ll know the full extent of this exploit until blockchain security teams, especially the one at Phantom is finished investigating.
Someone who writes/edits/shoots/hosts all things tech and when he’s not, streams himself racing virtual cars. You can reach out to Yadullah at [email protected], or follow him on Instagram or Twitter.