Almost 8,000 Solana Wallets Drained in Suspected “Supply Chain” Exploit
Multiple teams working in the Solana ecosystem are investigating the root cause of the incident.
- Thousands of Solana wallet users have been hacked in a suspected "supply chain" attack.
- The hack has impacted Phantom and Slope users. Some Ethereum TrustWallet users have reportedly been affected, though it's unclear whether they were targeted as part of the same breach.
- Multiple teams in the Solana ecosystem are investigating the incident.
Share this article
At least 7,767 Solana wallets have been affected.
Hackers Target Solana Users
Hackers have drained thousands of Solana wallets in an ongoing attack.
Engineers from multiple ecosystems, with the help of several security firms, are investigating drained wallets on Solana. There is no evidence hardware wallets are impacted.
This thread will be updated as new information becomes available.
— Solana Status (@SolanaStatus) August 3, 2022
Reports that attackers were siphoning funds from the Layer 1 blockchain’s wallet users surfaced on Twitter early Wednesday. Though the full scale of the damage is unknown, the Solana Foundation has confirmed that at least 7,767 wallets have been impacted at press time.
The Solana Foundation took to Twitter to confirm it was investigating the incident at 02:39 UTC. “Engineers from multiple ecosystems, with the help of several security firms, are investigating drained wallets on Solana. There is no evidence hardware wallets are impacted.”
The hackers targeted both Phantom and Slope wallet users. Both teams issued statements to confirm that they were investigating the incident, with Phantom noting that “the team does not believe this is a Phantom-specific issue.” Magic Eden also said that it was looking into “a widespread SOL exploit” and urged Solana users to revoke their wallet permissions for any suspicious links.
The Solana Foundation noted that hardware wallets appear to be unaffected. Based on the information currently available, Solana Labs communications lead Austin Federa said that “a potential supply chain attack” could be to blame. He speculated that several wallets could share some software dependency as the attackers were able to sign the transactions that drained the wallets without tricking users into giving away their funds, as is often the case with other crypto wallet exploits. “It’s likely not protocol level,” he added. Some Ethereum TrustWallet users have reportedly been affected, though it’s still unclear whether they were targeted as part of the same breach.
Solana Labs co-founder and CEO Anatoly Yakovenko also commented on the incident, calling for affected users to come forward with information. “looking for folks who were effected by the attack, but only received sol or tokens into the wallet and never transacted more than once, never reused their mnemonic key anywhere else,” he wrote. The Solana Foundation has also asked affected users to fill out a survey to help engineers investigating the incident find the root cause.
The total sum stolen is still unknown, though it’s believed to be in the millions of dollars.
SOL has suffered in the fallout from the attack. Per CoinGecko data, it’s trading at $38.55, down 4.4% at press time.
This story is developing and will be updated as further details emerge.
Disclosure: At the time of writing, the author of this piece owned ETH and several other cryptocurrencies.