Solana Wallet Exploit

0 422

There have been many hacks taking place in the Web3 crypto space lately, and today we have been hit with news of yet another. This time round, Solana users are being affected by one such exploit, with assets worth millions of dollars already having been stolen. Among the affected are users of the Solana based Phantom and Slope wallets. The targeted hot wallets have had native SOL and SPL tokens drained from them.

Even though it is still early and the exact method of the hack is yet to be discovered, Emin Gün Sirer, CEO at Ava Labs (Avalanche) took to Twitter to offer some insight into the situation. Emin explained, amongst other things, that the the exploit may be a “supply chain attack” where a JS library is hacked and exfiltrates users’ private keys. He mentions that the affected wallets for the most part seem to have been generated in the last nine months.

More details below in Emin’s thread.

The Phantom wallet team were quick to issue a statement on the matter, mentioning that the exploit was not Phantom-specific, and that the team was working closely with another team in the Solana ecosystem to resolve the issue.

This exploit comes at a seemingly bad time for Solana, as recently the Solana Foundation opened Solana Spaces NYC, the world’s first retail & educational space dedicated to Web3.

Solana Spaces has been created as an area to introduce people to the wider blockchain and Web3 industry, and specifically, you guessed it, the Solana ecosystem. During their visit to Solana Spaces, one of the major activities that visitors could partake in was setting up a new Phantom wallet.

Making the connection, users of the freshly created wallets might have also been affected.

Let’s take a further look.

Solana Spaces

Overall Solana spaces is meant to be an immersive Web3 learning space, where visitors can explore and learn about the Solana ecosystem, as well as blockchains in general. There are many things to do in Solana Spaces and visitors are rewarded for partaking in some of the activities with NFTs and also USDC.

As mentioned above, visitors can get set up with a Phantom crypto wallet in the Phantom Seed Phrase Booth, get hands on with the Solana Saga mobile, and browse a wide range of new Solana-themed, and crypto lifestyle merch. If using Solana Pay for your purchase, you get up to 50% off. Solana Spaces also features an NFT gallery, and each season they’ll be featuring a new NFT collection. The first NFT collection to be featured is DegenApeAcademy.

Solana Spaces is committed to bringing Solana to the masses, and will be rotating the in-store experience every month to help keep things interesting. Furthermore, according to the thread below, there is a lot more to come.

Advice from the community

We can only hope that the issue is resolved swiftly, and that individuals users have not been too badly affected. During the time of this hack many have taken to Twitter to offer information on the situation.

One such user is foobar, who explains in their detailed thread that “Revoking [dApp] approvals will probably not help – only transferring to an offline hardware wallet […] because these SOL and SPL transfers are signed by the users themselves, not transferred away by a third party using approvals. So while you can revoke, it’s likely something has caused widespread private key compromise.

Join our

Telegram / Discord / Twitter

Leave A Reply

Your email address will not be published.