Engineers and security firms from multiple ecosystems across Solana are on high alert as Solana wallets continue to be drained in an ongoing attack today. As of 5 AM UTC today, roughly 7,767 wallets have been compromised.
Phantom and Slope Wallets Become Prime Targets
The culprits seem to target several wallets, with Slope and Phantom being the most common ones. According to multiple individual reports on Twitter, the attack appears to affect mobile users more; however, Solana states that it also affects users of browser extension wallets.
Surprisingly, the large majority of the wallet drain reports involve only SOL and Solana-based tokens like USDC or $RAY. There have yet to be any reports of non-fungible token (NFT) theft linked to the series of exploits. No one is sure why, but many speculate that this is due to the illiquidity of NFTs as opposed to fungible tokens.
Solana engineers and security researchers are currently attempting to identify the root cause of the hacks. One of the attack wallets identified was GeEccGJ9BEzVbVor1njkBCCiqXJbXVeDHaXDCrBDbmuy, which holds $161K worth of SOL and $120K worth of SPL tokens.
Famous Fox Fed developer F🟠xyDev suspects that this is either a browser exploit triggered by visiting a malicious website or a supply chain attack at the wallet extension level. Both scenarios could give an attacker access to private keys stored on a device, unless the keys are stored on a hardware wallet.
What should users do?
It is recommended that users limit their on-chain activities until the exploit is identified and patched. At the moment, it appears that hardware wallet users are unaffected. Users are strongly urged to adopt cold storage for their Solana funds, as it is currently the safest solution. Hardware wallets store private keys on the device itself, not on your computer, which makes them far more secure.
If you don’t own a hardware wallet, some users recommend temporarily transferring tokens to a centralized exchange.
Some also recommend revoking wallet access from websites you’ve connected to, but users are divided on how effective this is, since Phantom removed the Auto Approval feature a long time ago. Still, it surely couldn’t hurt to take precautions.