Hack Drains Over A Million Dollars From Solana Crypto Wallets

Late Tuesday, Solana tweeted they were “investigating” the hack with the help of security firms, adding that those hardware wallets and wallets not connected online were not impacted (really, who woulda’ thought). The company further said that all those wallets that were drained should be considered “compromised” and should be set adrift, burned, or whatever other way users wish to say goodbye to their crypto.

Hackers apparently were able to claim the network’s own crypto token SOL as well as USD stablecoin from users’ wallets.

G/O Media may get a commission

40% Off

Amazon Fire 65″ 4K Smart TV

Looks good
Aside from being 65″ in size, this TV offers UHD 4K visuals which are a constant feast for the eyes, features HDR to make sure you can appreciate the full range of colors and contrasts, and it also allows you to use it as a hub for all of your streaming services.

Advertisement

Users were advised to move their resources to a “cold” hardware wallet, rather than leaving it exposed to the crypto pirates still lurking offshore. White Hat hackers are apparently DDoSing their own servers to slow down the hack, according to Solana’s Reddit page, though it seems most of its RPC servers are back online. They also included a survey for those users who say their accounts were impacted.

Solana co-founder Anatoly Yakovenko wrote that the attack could be connected to Android and iOS apps, where attackers exploited some weakness in the supply chain to get access to users’ crypto. In his twitter thread, he points a trembling finger at Apple and Google for security breaches, though of course Yakovenko admitted they haven’t narrowed it down to any connected app.

But blockchain audit firm OtterSec wrote that the attacker was apparently signing for wallet’s actual keys, suggesting that there’s a compromise of users’ private keys. According to BleepingComputer, that could mean a supply chain attack, but it could also be a zero-day flaw in browsers, or even a fault in the user passcode generation process.

Of course, we won’t know until the hack is done with and the Solana devs are left standing upon their field of broken glass.

READ MORE HERE