Over 8000 Solana (SOL) wallets were drained of around $580 million by an exploit that started in the late hours of August 2.
So far, more than 8,000 wallets and ~$580 million have been stolen to the following 4 addresses.
Htp9MGP8Tig923ZFY7Qf2zzbMUmYneFRAhSp7vSg4wxV
CEzN7mqP9xoxn2HdyW6fjEJ73t7qaX9Rp2zyS6hb3iEu
5WwBYgQG6BdErM2nNNyUmQXfcUnB68b6kesxBywh1J3n
GeEccGJ9BEzVbVor1njkBCCiqXJbXVeDHaXDCrBDbmuy pic.twitter.com/N7wJlCOi8p
— MistTrack (@MistTrack_io) August 3, 2022
However, Peckshield noted that the total loss is estimated to be less than $10 million if the value of shitcoins involved in the attack is removed.
#PeckShieldAlert The widespread hack on Solana wallets is likely due to a supply chain issue used to steal/uncover the private keys of the users behind the wallets. So far, the loss is estimated at $8 million, excluding one illiquid shitcoin (it has only 30 holders and a possibly misvalued $570 million) pic.twitter.com/aTGNsTc6d8
— PeckShieldAlert (@PeckShieldAlert) August 3, 2022
The attack mostly affected mobile Solana wallets connected to the internet like Phantom, Solflare, TrustWallet, and Slope. But most of the breach reports came from Phantom and Slope users.
The cause of the exploit and the hackers’ identity remain unknown.
Meanwhile, four wallets have been identified to be holding all the stolen funds.
The exploit has been draining Solana, other Solana-based tokens, and USDC. Otter added that the exploit has also affected some Ethereum (ETH) users.
The cause of the attack is still unknown
The crypto community remains at a loss on the cause of this exploit.
Solana Foundation’s co-founder Anatoly Yakovenko posited that the exploit “seems like an iOS supply chain attack,” a view shared by some other community members.
Seems like an iOS supply chain attack. It affected multiple trustworthy wallets that only received sol and had no interactions beyond receiving. https://t.co/ne0g3ZmLH5
As well as keys that were imported into iOS and generated externally. https://t.co/hStAr1mU6Q
— SMS T◎ly (@aeyakovenko) August 3, 2022
PSA: If you are using Phantom or Slope wallet on Solana, please move your funds to an exchange or a hardware wallet ASAP.
There is an ongoing attack draining these wallets. Most likely a supply chain attack.
ps Funds on Fox Wallet are Safu because LavaMoat is GOAT.
- Mudit Gupta (@Mudit__Gupta) August 3, 2022
Two important lessons:
– Solana was written on Rust that’s positioned as secure language. Language itself doesn’t provide high security. That’s why we’ve selected C language.
– Most probable cause is supply chain attack. That’s why Cellframe almost has no 3rd party components https://t.co/4FWlieKj5U
— Dmitriy Gerasimov (@naeper) August 3, 2022
According to Christine Kim, a supply chain attack “is like a Trojan horse style attack in that a hacker slides in malicious code without anyone noticing to one of the GitHub repos or libraries that the targeted application/product relies on and uses.”
Basically, a supply chain attack is like a Trojan horse style attack in that a hacker slides in malicious code without anyone noticing to one of the GitHub repos or libraries that the targeted application/product relies on and uses.
— Christine Kim (@christine_dkim) August 3, 2022
Emin Gün Sirer, Ava Labs CEO, mentioned four possible causes of the exploit. According to him, the attack could have been caused by a “supply chain attack,” a “faulty random number generator,” or a “browser exploit/zero-day.”
There is currently an ongoing attack targeting the Solana ecosystem. 7000+ wallets have been affected and the number is growing at a rate of 20/min. Since it is very early and the attack is ongoing, there is a lot of misinformation and speculation. So, here are some thoughts and clarifications.
— Emin Gün Sirer (@el33th4xor) August 3, 2022
However, each of these explanations has a gap of its own that makes it difficult to pin the attack on any one of them.
Sirer added that the possible cause of this hack could be “a potential nonce reuse that ends up revealing the private key.”
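Sirer's nonce-reuse hypothesis, worked through as an added example (not code from the article, Solana, or any wallet): a toy Schnorr group shows why two valid signatures that share a nonce expose the signing key, and how an auditor can flag that condition in a signature log. Solana signs with Ed25519, whose signatures have the same s = r + h·a shape; the group parameters, key, nonces, sample log and function names below are all constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Toy Schnorr group (constructed, far too small for real use): p = 2q + 1.
P, Q, G = 2039, 1019, 4

def challenge(R, A, msg):
    """h = H(R || A || msg), reduced mod the group order q."""
    data = f"{R}|{A}|".encode() + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def sign(a, msg, r):
    """Schnorr signature (R, s); the nonce r is explicit so reuse can be shown."""
    R = pow(G, r, P)
    return R, (r + challenge(R, pow(G, a, P), msg) * a) % Q

def verify(A, msg, sig):
    R, s = sig
    return pow(G, s, P) == (R * pow(A, challenge(R, A, msg), P)) % P

def find_nonce_reuse(records):
    """records: iterable of (A, msg, (R, s)). Return the pairs that share
    (A, R) but sign different messages, the condition that leaks the key."""
    seen, hits = defaultdict(list), []
    for A, msg, (R, s) in records:
        for other_msg, other_s in seen[(A, R)]:
            if other_msg != msg:
                hits.append((A, R, (other_msg, other_s), (msg, s)))
        seen[(A, R)].append((msg, s))
    return hits

def key_from_reuse(A, R, first, second):
    """s1 - s2 = (h1 - h2) * a mod q, so a = (s1 - s2) / (h1 - h2) mod q."""
    (m1, s1), (m2, s2) = first, second
    dh = (challenge(R, A, m1) - challenge(R, A, m2)) % Q
    if dh == 0:
        return None  # challenges collide; this pair reveals nothing
    return ((s1 - s2) * pow(dh, -1, Q)) % Q

# Constructed sample: one key, three signatures, two of them sharing nonce 77.
SECRET = 321
PUB = pow(G, SECRET, P)
LOG = [(PUB, m, sign(SECRET, m, r)) for m, r in
       [(b"send 1 SOL to A", 77), (b"send 2 SOL to B", 500), (b"send 3 SOL to C", 77)]]
HITS = find_nonce_reuse(LOG)
```

Ed25519 as specified in RFC 8032 derives the nonce deterministically from the secret key and the message, so a repeated R across different messages points to a faulty or modified signing implementation rather than to the scheme itself.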
Blockchain security firm OtterSec had written that the transactions were “being signed by the actual owners, suggesting some sort of private key compromise.”
These transactions are being signed by the actual owners, suggesting some sort of private key compromise. pic.twitter.com/UTMq4NWErd
— OtterSec (@osec_io) August 3, 2022
Solana, Phantom, and Slope have revealed that they are investigating the exploit and will provide further information soon.
Engineers from multiple ecosystems, with the help of several security firms, are investigating drained wallets on Solana. There is no evidence that hardware wallets are affected.
This thread will be updated as new information becomes available.
- Solana Status (@SolanaStatus) August 3, 2022
Meanwhile, users have been advised to stop using the compromised wallets. The network advised users to use a hardware wallet, while some community members also said sending the tokens to a centralized exchange could protect the funds.
There is an active security incident on Solana. Many (7000+ and counting) wallets have been drained of SOL & USDC. I don't know the root cause yet. Possibly approvals granted to apps. To remediate, send funds to a cold wallet or to a CEX like @Binance. https://t.co/nQrBXAgCbf
- CZ Binance (@cz_binance) August 3, 2022
Solana nodes are down
Available information also revealed that Solana nodes are currently down. The nodes were reportedly placed under a DDoS attack to slow down the hacker.
Many Solana RPC Nodes appear to have stopped serving requests, might be due to load or intentional.
This does not affect the underlying chain in any way. The chain is operating as normal.
Your wallet or explorer might not be loading right now, the chain is operating as normal.
— Laine | stakewiz.com (@laine_sa_) August 3, 2022
Meanwhile, the Solana blockchain is still running.
However, crypto community members have questioned the rationale behind the attack as the hacker could continue with the exploit when the network resumes full operation.
As of press time, Solana’s network has lost around 2% of its value in the last 24 hours and is currently trading for $39.87.
Source: https://cryptoslate.com/over-8k-solana-wallets-drained-of-580m-by-hackers/