The cryptocurrency ecosystem has been rocked by a widespread exploit targeting the Solana wallet that has been running since August 3. Two Solana-based wallet services, Phantom and Slope, initially flagged the attack on their social media platforms with a host of cryptocurrency influencers, blockchain analytic and security firms and victims of the hack as it continues to emerge.
A handful of commentators noted that the attackers had gained access to the user’s private key after the transaction was legitimately signed. Emin Gun Serer, CEO and founder of Ava Labs, estimated that more than 7,000 wallets were affected, a number cited online by several other individuals and firms.
As investigations begin to uncover the root cause that allowed an attacker to rob thousands of wallets, affected users are being warned not to accept help from individuals online to solve the hack. Heidi Chakos, host of the YouTube channel Crypto Tips, emphasized that scammers would like to take advantage of the current situation:
Do not interact with anyone who reaches out to you for a solution to this solana hack. they are scammers
— heidi (@blockchainick) 3 August 2022
Solana has been providing status updates since the exploit began and noted that 7,767 wallets were affected on August 3 at 5 a.m. UTC. Several wallets in mobile and browser extensions were affected.
There is no evidence that hardware wallets have been affected – and users are strongly encouraged to use hardware wallets.
Do not reuse your seed phrase on the hardware wallet – create a new seed phrase.
The purse taken out should be considered compromised, and discarded.
— Solana Status (@SolanaStatus) 3 August 2022
Solana insisted that users move funds to cold storage and create new seed phrases, while owners of about 8,000 drained wallets were told that these “should be treated as compromise and renunciation.”
Engineers from several ecosystems are investigating the root cause of the incident with the help of security firms. Users affected by the exploit are being asked to provide their compromised wallet addresses to the Solana Foundation to aid in the investigation.
Cointelegraph has reached out to Solana for an updated figure on the number of wallets affected by the exploit. It is also unclear whether the funds in the affected wallet will be recovered or refunded after the incident.