Do we need more Scalability, Speed rather than Security as the Solana Ecosystem is under attack again?
In a tweet earlier today, Magic Eden confirmed that there is an exploit draining wallets on the Solana ecosystem. At the time of writing, data from dina shows that over 7,700 addresses have been affected, as pundits estimate that at least $5 million in crypto assets have been lost.
???Izgleda da je u igri široko rasprostranjena SOL eksploatacija koja iscrpljuje novčanike u cijelom ekosistemu
Evo šta možete učiniti upravo sada da se najbolje zaštitite
1. Idite na >Postavke na svom @phantom novčanik
2. >Pouzdane aplikacije
3. >Opozovi dozvole za sve sumnjive veze?
— Magic Ethen? (@MagicEden) Avgust 3, 2022
While the vulnerability causing the exploit remains unknown, Binance’s Changpeng Zhao and other pundits have confirmed that the exploit does not seem to be affecting cold wallets or central exchanges. Users have been advised that disabling permissions granted to suspicious links in their wallets may not be enough and have been instead encouraged to move their assets to cold wallets or central exchanges.
Na Solani je aktivan sigurnosni incident. Mnogi (7000+ i dalje) novčanici su iscrpljeni od SOL & USDC. Još ne znam osnovni uzrok. Možda su odobrenja odobrena aplikacijama. Za sanaciju pošaljite sredstva na hladan novčanik ili na CEX like @Binance. https://t.co/nQrBXAgCbf
- CZ? Binance (@cz_binance) Avgust 3, 2022
The information available shows that the attackers have somehow managed to gain access to the seed phrases of users. At the time of writing, the most popular theory is one suggested by Ava Labs CEO Emin Gün Sirer. According to Sirer, the exploit is likely a supply chain attack, as he suggests a JavaScript library may have been compromised.
Jedan od mogućih puteva je „napad na lanac snabdevanja“ gde je JS biblioteka hakovana i eksfiltrira (krade) privatne ključeve korisnika. Izgleda da su zahvaćeni novčanici kreirani u posljednjih ~9 mjeseci, ali postoje izvještaji o novo kreiranim novčanicima.
— Emin Gün Sirer? (@el33th4xor) Avgust 3, 2022
Meanwhile, Adam Cochran reports that most victims appear to be IOS users, with most of their wallet interactions on mobile. Phantom and Slope wallets’ users also appear to be the most affected.
1/3
Razgovarao s korisnikom koji je hakovan i na Solani i na Ethereumu:
-Korišćen iOS
-Novčanici su bili TrustWallet i Slope
-ERC20’s were stolen to: 0xc611952D81E4ECbd17c8f963123DeC5D7BCe1c27
-ETH strana je bila TrustWallet
-Imovina je uzeta u isto vreme— Adam Cochran (adamscochran.eth) (@adamscochran) Avgust 3, 2022
While there have been reports of a similar issue on Ethereum, these are very few, and it only appears to be the case when seed phrases are shared with Slope.
On-chain sleuth CIA Officer reports that the amount of stolen SOL per minute appears to be slowing down from 1K SOL per minute to less than 1 SOL per minute. Notably, not only SOL has been drained from the affected wallets but also stablecoins like USDC and USDT and assets like Bitcoin and Ethereum.
amount of sol stolen per minute going down. startet at ~1kSOL/minute, now at <1 SOL/minute: https://t.co/D90uCXh1Hl
— službenik CIA-e (@officer_cia) Avgust 3, 2022
Notably, a network validator has launched a DDOS attack on the network in an attempt to slow down the attacker.
according to solana validator discord, Jito is responsible for the network ddosing to slow down attacker and bringing down solana rpc in the process
— službenik CIA-e (@officer_cia) Avgust 3, 2022
Solana Status reports that engineers are currently working together to get to the root cause of the exploit as the community awaits further updates.
Engineers are currently working with multiple security researchers and ecosystem teams to identify the root cause of the exploit, which is unknown at this time.
- Solana Status (@SolanaStatus) Avgust 3, 2022
Solana, in recent years, has grown to become one of the most popular altcoins, sometimes even dubbed an “Ethereum killer.” However, in recent months, the network has been plagued by several outages and slowdowns. Consequently, it has attracted podsmijeh from the likes of Cardano chief Charles Hoskinson.
- Oglas -
Source: https://thecryptobasic.com/2022/08/03/scalability-speed-or-security-nearly-8000-wallets-drained-in-solana-ecosystem-exploit/?utm_source=rss&utm_medium=rss&utm_campaign=scalability-speed-or-security-nearly-8000-wallets-drained-in-solana-ecosystem-exploit