A security flaw in the Solana ecosystem is reported to have resulted in millions of funds being drained from a number of Solana-based wallets. The ongoing Solana hack comes on the heels of Tuesday’s Nomad Bridge hack.
Solana hack victims flood Twitter
At the time of writing, Solana (SOL) is trending on Twitter, with multiple users either commenting on the hack as it happens or claiming that they have lost assets themselves, urging everyone using Solana-based hot wallets like Phantom and Slope wallets to relocate their funds into cold wallets.
Phantom, a wallet provider, has noted that it is collaborating with other teams to identify the cause of the problem, while it claims that it does not “believe this is a Phantom-specific issue” at this time. Magic Eden has also commented on the matter.
In a statement confirming the reports, Magic Eden urged users to deactivate permissions for dubious connections in their Phantom wallets, saying that there “seems to be a widespread SOL exploit at play that’s draining wallets throughout the ecosystem.”
🚨🚨🚨There seems to be a widespread SOL exploit at play that's draining wallets throughout the ecosystem
Here's what you can do right now to best protect yourself
1. Go to >Settings on your @phantom wallet
2. >Trusted Apps
3. >Revoke Permissions for any suspicious links💜
— Magic Ethen 🪄 (@MagicEden) August 3, 2022
Twitter sleuths investigate
Twitter user @nftpeasant has been closely watching the event. According to their Solscan analysis, around $6 million in cash had already been stolen from Phantom wallets during a 10-minute period on Aug.t 2. In one case, it appears that a Phantom wallet user had $500,000 USDC siphoned from their account.
@zachxbt, a popular scam investigator and self-described “on-chain sleuth,” also did some investigating and disclosed to their 274,800 followers that the hackers funded the primary wallet involved with this attack through Binance seven months ago.
According to the transaction history, the wallet was dormant until today, when the hackers executed transactions with four other wallets 10 minutes before the attack began.
The hack is ongoing at the time of writing, with 7,000 wallets affected and approximately $6 million drained.