A security vulnerability impacting the Solana ecosystem has reportedly seen millions in funds drained across a number of Solana-based wallets.
At the time of writing, Solana (SOL) is trending on Twitter as countless users either report on the hack as it unfolds or say they have lost funds themselves, warning anyone with Solana-based hot wallets such as Phantom and Slope to move their funds into cold wallets.
IMPORTANT- please retweet and tag @phantom and @solana
1. Many users are claiming they are getting notifications that they are sending tokens to an unknown address
2. Common Denominator is that they have all been @phantom wallets
— Solar Dex (@solar_dex) August 2, 2022
So far, Phantom, Slope and Magic Eden are among those that have commented on the issue. Wallet provider Phantom noted that it is working with other teams to get to the bottom of the issue, although it says it does not “believe this is a Phantom-specific issue” at this stage.
We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem. At this time, the team does not believe this is a Phantom-specific issue.
As soon as we gather more information, we will issue an update.
— Phantom (@phantom) August 3, 2022
Magic Eden confirmed the reports, stating that there “seems to be a widespread SOL exploit at play that's draining wallets throughout the ecosystem” as it called on users to revoke permissions for any suspicious links in their Phantom wallets.
Slope said it is currently working with Solana Labs and other Solana-based protocols to pinpoint the issue and rectify it, though there were "no major breakthroughs yet."
Twitter user @nftpeasant has been following the incident closely, and according to their research via Solscan, around $6 million worth of funds have already been siphoned from Phantom wallets during a 10-minute period on August 2. In one instance it appears a Phantom wallet user had $500,000 worth of USDC drained from their account.
???!!! https://t.co/sBDgxqGyaw
— Matthew Graham (@mattysino) August 2, 2022
Popular scam detective and self-described “on-chain sleuth” @zachxbt also did some digging and revealed to their 274,800 followers that the hackers initially funded the primary wallet associated with this attack via Binance seven months ago.
The transaction history shows that the wallet remained dormant until today before the hackers conducted transactions with four different wallets 10 minutes before the attack started.
Scammers wallet funded via Binance 7 months ago https://t.co/5gQbObcsg4 https://t.co/sco5SPBrne pic.twitter.com/AL6Hm4F3R3
— ZachXBT (@zachxbt) August 3, 2022
There have also been different reports on how many wallets have been affected and the extent of the damage so far.
Crypto tracking and compliance platform Mist Track stated via Twitter that as many as 8,000 wallets have been hacked, with $580 million sent to four addresses; however, comments on the post are skeptical about the number.
Meanwhile, Ava Labs CEO and founder Emin Gun Sirer put the number at more than 7,000 wallets, rising at around 20 per minute. He said he believes that, as the transactions appear to be signed properly, "it is likely that the attacker has acquired access to private keys."
There's an ongoing attack targeting the Solana ecosystem right now. 7000+ wallets affected, and rising at 20/min. Because it's very early and the attack is ongoing, there's a lot of misinformation and speculation. So here are a few thoughts and clarifications.
— Emin Gün Sirer (@el33th4xor) August 3, 2022
Cointelegraph has reached out to Phantom for comment on the matter and will update the story if the firm responds.