Several Solana users discovered that their crypto wallets were empty on Tuesday evening.
How did the hack take place?
https://twitter.com/0xfoobar/status/1554627762807349249?s=20&t=5VlQtF8o20ZDSlWczdQwZw
It is believed that unidentified hackers have gained access to hundreds of hot wallets — software-based crypto wallets that require an active internet connection — and transferred all cash within them to a third party without the owner’s knowledge.
Engineers from across several ecosystems, in conjunction with audit and security firms, continue to investigate the root cause of an incident that resulted in approximately 8,000 wallets being drained. 1/2
— Solana Status (@SolanaStatus) August 3, 2022
In a Tuesday night tweet, Solana first acknowledged the attack, writing, Engineers from several ecosystems, working alongside many security organizations, are probing wallets emptied by Solana.
Hardware wallets appear not to have been affected by the hack. A second tweet from Solana revealed that 7,767 wallets had been touched early Wednesday morning. As of Wednesday, there were more wallets affected. Approximately $5 million worth of Solana blockchain currencies has been reported.
How did so many cryptocurrency wallets get compromised?
Private key breaches’ are believed to have enabled the hackers to carry out such a large heist, according to OtterSec, a blockchain auditing firm. Researchers discovered that users signed every wallet-draining ‘transaction’ themselves.
Later in the evening, news indicated that Slope and TrustWallet customers were also targeted, in addition to Phantom customers.
DON’T interact with ANYONE who reaches out to you with a solution to this SOLANA hack. They are scammers
— Heidi (@blockchainchick) August 3, 2022
Users are advised to be more cautious than usual by several Web3 authorities. A leader in the Web3 community with the username blockchainchick is urging users to move their cash to cold storage or hardware wallets as soon as possible.
A word of advice from an expert
Get your #solana off hot wallets and onto a hardware wallet to protect yourself from this hack that is happening right now. Over 8000 wallets have been compromised
— Heidi (@blockchainchick) August 3, 2022
After the recent breach, Chakos advised users to be cautious and avoid communicating with anyone claiming to have remedies.
There’s no evidence hardware wallets have been impacted – and users are strongly encouraged to use hardware wallets.
Do not reuse your seed phrase on a hardware wallet – create a new seed phrase.
Wallets drained should be treated as compromised, and abandoned.
— Solana Status (@SolanaStatus) August 3, 2022
In the meantime, blockchain developers continue their studies. Solana Status confirmed that hardware wallets are protected from the breach and that customers whose wallets were compromised must immediately change them.
***