Solana Hack

Depricated as of Oct 2022

Some CRYPKYP functionalities are depricated as of October 2022 and will no longer be populated until further development and future version.
Although all here is visible and interactable you can not Contribute to those articles.
Try looking at other information on the Platform and Contributing there!

Have a great day,

Solana Wallets Targeted in Latest Multimillion Dollar Hack

Solana Hack
Image Credit: CRYPKYP
Source: CoinDesk
1659522246 03 Aug / 10:24

The Solana ecosystem appears to be the victim of crypto's latest exploit, with users reporting that their funds have been drained without their knowledge from major internet-connected "hot" wallets, including Phantom, Slope, and TrustWallet.

The attack is still ongoing, and over 8,000 wallets have been compromised thus far, according to blockchain auditors OtterSec. Several Solana addresses have been linked to the attack (1, 2, 3, 4), with those wallets amassing at least $5 million worth of SOL, SPL, and other Solana-based tokens from unsuspecting users.

The exact cause of Tuesday evening's attack remained unclear throughout Tuesday night, though it appears to have predominantly impacted mobile wallet users. The attacker somehow obtained the ability to sign (i.e., initiate and approve) transactions on behalf of users, suggesting a trusted third-party service may have been compromised in a so-called supply chain attack.

The attack will inevitably reignite a long-running debate around the security of hot wallets, which always stay connected to the internet to provide users a convenient way to send, store, and receive crypto. Cold wallets – USB drives that must be plugged into a computer to sign transactions – are heralded as a more secure, albeit less convenient, alternative.

“We are evaluating the incident impacting Solana wallets and are working closely with other teams in the ecosystem to get to the bottom of this. We will issue an update once we gather more information,” a representative of Phantom, the largest Solana hot wallet, told CoinDesk in a statement. “The team doesn’t believe this is a Phantom-specific issue at this time.”

Some users initially suspected the hack could be related to transactions on Magic Eden’s Solana-based non-fungible token (NFT) marketplace, though this link became less clear as the attack wore on. Magic Eden did not respond to CoinDesk’s request for comment but tweeted a warning for users to revoke permissions from its wallet to avoid being attacked. It also suggested users “[m]ove everything to a cold wallet/ledger.”

Twitter continues to be flooded with reports of Solana users noticing that tokens have suddenly been drained from their accounts.

“I was getting my sunglasses refit when I got a push notification from my mobile wallet that I had sent all the SOL from my wallet,” Solana community member @gostak_gm told CoinDesk. “It was my main hot wallet, so I had it connected to many different mobile and web extension wallet providers as well as many dapps. Not clear to me what could have been the root cause. Glad to have most of my funds on a cold wallet.”

It is unclear whether the vulnerability is limited only to the Solana blockchain. A TrustWallet and Slope wallet user reported losing USDC on Solana and Ethereum.

Solana – the fifth-largest blockchain by total value locked (TVL) according to DefiLlama – has grown in popularity over the past year owing to its quick transactions and low fees. Its native token, SOL, dropped 4% in the hours following the attack.

Last News and Media
CRYPKYP contain links to third-party websites, resources, and advertisers. CRYPKYP does not control, sponsor, recommend or otherwise accept responsibility for any third-party content because we are not responsible for the availability of these outside resources or their contents or privacy practices. It will help if you direct any concerns regarding any third-party content to such a third party. We don't accept responsibility for the content of external websites linked to through the Site or the Services. Third-party content is accessed at the user's own risk. CRYPKYP distributes content from third-party publishers as indicated on the site from time to time mainly in Airdrops, News / Media, Whale Alerts, and Rumors. In these circumstances, CRYPKYP only provides limited stylistic input to the content. CRYPKYP does not verify and takes no responsibility for the accuracy of the content provided by any such third-party publishers.