The open source blockchain network Solana has been considered the golden child of the crypto scene thanks to claims of its fast and cheap transaction infrastructure. Now some of those same crypto bros are paying the price for jumping onto the DeFi darling.
Though initial reports from Solana put the number of impacted wallets at over 7,700, the latest news from the likes of blockchain analysis firm Elliptic put the number around 8,000, but the number of affected wallets keeps increasing. The total lost funds is hovering somewhere over $US5.2 ($7) million, but that will likely increase. The company added the flaw could have come from software outside the wallet infrastructure. Crypto security company CertiK said the attack came from four separate addresses.
There are 4 attacker addresses and so far 7300+ unique Solana addresses have been affected.
The attack is still on-going and we believe the victims to still be increasing.
The attacker addresses:
1. CEzN7mq…
2. Htp9MGP…
3. 5WwBYgQ…
4. GeEccG…— CertiK Alert (@CertiKAlert) August 3, 2022
Late Tuesday, Solana tweeted they were “investigating” the hack with the help of security firms, adding that those hardware wallets and wallets not connected online were not impacted (really, who woulda’ thought). The company further said that all those wallets that were drained should be considered “compromised” and should be set adrift, burned, or whatever other way users wish to say goodbye to their crypto.
Hackers apparently were able to claim the network’s own crypto token SOL as well as USD stablecoin from users’ wallets.
Users were advised to move their resources to a “cold” hardware wallet, rather than leaving it exposed to the crypto pirates still lurking offshore. White Hat hackers are apparently DDoSing their own servers to slow down the hack, according to Solana’s Reddit page, though it seems most of its RPC servers are back online. They also included a survey for those users who say their accounts were impacted.
Solana co-founder Anatoly Yakovenko wrote that the attack could be connected to Android and iOS apps, where attackers exploited some weakness in the supply chain to get access to users’ crypto. In his twitter thread, he points a trembling finger at Apple and Google for security breaches, though of course Yakovenko admitted they haven’t narrowed it down to any connected app.
Fucking @apple and @google can give us secure signing and recovery in the device. f’ing hell
— SMS T◎ly, 🇺🇸 (@aeyakovenko) August 3, 2022
But blockchain audit firm OtterSec wrote that the attacker was apparently signing for wallet’s actual keys, suggesting that there’s a compromise of users’ private keys. According to BleepingComputer, that could mean a supply chain attack, but it could also be a zero-day flaw in browsers, or even a fault in the user passcode generation process.
Of course, we won’t know until the hack is done with and the Solana devs are left standing upon their field of broken glass.