We’re on the heels of cross-chain bridge Nomad suffering a demolishing hack earlier in the week, and now hackers are doubling down with an attack on Solana hot wallets mid-way through the week. There was a report Tuesday afternoon that Solana wallets were being hacked. Approaching 24 hours later, there are still quite a bit of unknowns, and we’re approaching nearly $5M of hacked funds.
Let’s take a look at what we DoSo far, so good.
A Solana Scare
Nearly 10,000 wallets across mobile users utilizing both Slope and Phantom (two of the leading Solana wallets) fell victim to this week’s hack in what is seemingly a result of poor user privacy management. Although crypto Twitter users are working to a postmortem, @tristan0x created a Dune Analytics dashboard that shows how fast things moved. While activity has slowed on Wednesday, it is unclear if this vulnerability remains active.
General crypto Twitter consensus thus far has pointed towards Slope as being the domino to fall here; the platform’s latest correspondence on Twitter, from Tuesday, states that they are “actively working to sort out the issue as rapidly as possible and rectify best we can.” On Wednesday, Slope released a message to users that was reposted by reputable crypto Twitter user foobar:
Statement by the Slope Team pic.twitter.com/uOEdO25x8c
— foobar (@0xfoobar) August 3, 2022
The price of SOL tokens has held steady despite all the questions surrounding Solana security.Source: SOL USD on TradingView.com | Source: SOL-USD on TradingView.com
Why The Crypto Fear & Greed Index Points To Sustainable Recovery| Why The Crypto Fear & Greed Index Points To Sustainable Recovery
Crypto Vulnerabilities Run Rampant
What happened? Post-mortems from independent sleuths and other reputable sources in the space have yet to be released, but speculation has largely landed on some variation of a ‘software supply chain attack’ being the likely downfall here. To exploit potential security holes, attackers look far and wide to find vulnerabilities in network protocols and server infrastructure.
In this case, the root issue seems to lie within Slope and some have even speculated that it could be a malicious insider at Slope taking advantage of the platform’s practices. As foobar notes in the Twitter thread above, “compromised Phantom wallets came from seed phrase imports used in Slope.”
You can move your funds to a hardware account if you are concerned about the security of funds stored in a Solana wallet. The seed phrase key cannot be entered digitally or typed into any Solana device. Until a post-mortem from Slope and other reputable resources in the community emerges, there will be a variety of assumptions around these circumstances – so stay tuned and stay secure.
Similar reading | TA: AVAX Struggles To Hold Above Resistance As It Eyes $40
Featured image taken from TradingView.com Charts, and Pexels This content was not written by or associated with the mentioned parties. This content is not intended to be financial advice.