• News
    • Archive
  • Celebrities
  • Finance
  • Crypto
  • Entertainment
  • Travel
  • Health
  • Others

Solana Hack – $6 Million Stolen From Thousands Of Wallets

14.7KShares
246.3KViews

This week’s Solana hack targeted the blockchain’s cryptocurrency wallet – over 8,000 of them – resulting in at least $6 million loss.

The hacking commenced on the evening of August 2.

When various sites caught up with the incident, they reported it was still ongoing as of August 3.

On that day, at 1:09 p.m., Solana took to Twitter to inform the public about it:

An exploit allowed a malicious actor to drain funds from a number of wallets on Solana.

COPYRIGHT_WI: Published on https://washingtonindependent.com/ebv/solana-hack/ by Rhyley Carney on 2022-08-05T04:59:42.461Z

There was no mention of how the Solana hack occurred.

It could be that Twitter’s 280-character limit might be hindering a comprehensive explanation.

Or, Solana was still clueless at that time as investigations ensued.

Nevertheless, the tweet included two important details, namely, the number of wallets compromised and which ones.

Progress on crypto regulation and a big hack for Solana

According to Solana, as of 5:00 a.m. (UTC) on August 3, “approximately 7,767 wallets have been affected.”

Phantom and Slope were among those wallets.

Solana immediately followed the aforementioned tweet with another one. This time, saying that hardware wallets were not affected by the Solana hack.

With that confirmation, it gave this piece of advice to users:

Do not reuse your seed phrase on a hardware wallet – create a new seed phrase.

Changpeng “CZ” Zhao, the CEO of cryptocurrency exchange Binance, advised the same thing via Twitter.

Zhao asked Slope wallet users to transfer their crypto tokens to a new wallet and to “use a new private key or seed phrase.”

At 9:13 p.m. (still on August 3), Solana tweeted an update.

From the 7,767 wallets initially reported to be affected, the figures now peaked at an estimated 8,000.

In addition, the amount lost from the Solana hack, based on some sources, soared from $6 million to around $8 million.

A CNBC report published on the morning of August 3 mentioned $5.2 million.

Based on his tweet on August 3, Anatoly Yakovenko, the co-founder of Solano, surmised that those who got affected were using Apple devices.

Nearly a couple of hours after that post, the Ukrainian-born computer engineer tweeted to correct himself.

Yakovenko said that the Solano hack likewise affected Android users.

Slope wallet by Slope Finance at Google Play Store
Slope wallet by Slope Finance at Google Play Store

Solana Hack And Slope

It took a couple of days to discover what transpired that led to the multimillion-dollar Solana hack.

In the early morning of August 4, Solana tweeted three consecutive times for an update.

First, about the possible root of the problem.

Its developers pointed to Slope.

Second, about how the attack could have happened and how many wallets got hacked.

Majority of those affected were Slope wallets. Still, Slope’s hard wallets got spared and “remain secure.”

Part of the second tweet reads:

Private key information was inadvertently transmitted to an application monitoring service.

A third party could be more likely responsible for the Solana hack.

Third, Solana made it clear about its status in terms of security.

There is no evidence the Solana protocol or its cryptography was compromised.

Now that a third party was mentioned, one site provided some information about it.

According to a report by Web3 marketing and consultancy agency Run The Chain, Slope did something that could have triggered the Solana hack.

A man in the middle (MITM) attack was used to steal from those wallets.

It could have been initiated while Slope was connected to its centralized servers to perhaps log the seed phrases of users.

Those seed phrases could have then reached the hackers.

One anonymous developer, who only goes by the name “foobar,” checked out MoonRank NFT and took a screenshot of the MITM logs.

“Foobar” based this whole premise on those logs.

MoonRank NFT’s MITM logs, with the part showing the attack highlighted by a yellow rectangle
MoonRank NFT’s MITM logs, with the part showing the attack highlighted by a yellow rectangle

Phantom – No Menace

Phantom, one of the Solana wallets that got exploited, also claimed that the Solana hack stemmed from Slope.

In a pinned tweet dated August 4, Phantom wrote:

The reported exploits are due to complications related to importing accounts to and from @slope_finance.

Then like Solana and Zhao, Phantom recommended users to start using a “non-Slope wallet” and a new seed phrase.

Homepage of Phantom wallet, with a smartphone showing NFTs
Homepage of Phantom wallet, with a smartphone showing NFTs

On August 4, Slope issued an official statement.

It admitted how the Solana hack affected its wallets.

Anything they know about its true cause remains hypothetical. No “firm” findings yet.

As could be expected, Slope suggested using a new wallet and a new seed phrase.

It assured its users that it’s cooperating with different people, from “audit groups” to “security experts” to look for reasons and remedies.

Solana Falls Down The Slope

The Solana hack made this blockchain’s price tumble down.

Within two hours after the attack became news, Solana’s price fell by nearly 8 percent, according to Decrypt.

As of this writing, its current price, per CoinMarketCap, is $38.64 (down by 0.54 percent).

The hacking of crypto bridge Nomad recently grabbed headlines.

An estimated $200 million was lost.

It happened a day before the Solana hack, and incidents like these will apparently bother the crypto community in the weeks ahead.

Share: Twitter | Facebook | Linkedin

About The Authors

Rhyley Carney

Rhyley Carney - Rhyley Carney is a New York Times bestselling author, anthology editor, comic book writer, magazine feature writer, playwright, content designer, and writing teacher/lecturer who has won five Bram Stoker Awards. More than a dozen countries have purchased her novels.

Recent Articles

No articles found.