Millions Drained in Solana Wallet Hack

Security firms are scrambling to assess total losses after hackers hit thousands of Solana wallets and drained millions in assets in an attack that started sometime late Tuesday (Aug. 2) and continued into Wednesday morning. 

Hackers got about $8 million from at least four Solana wallet addresses, but the cumulative losses are still being calculated, the blockchain security company PeckShield tweeted.  

The hack was trending on Twitter at press time, with investors, experts, stakeholders, and others weighing in about the latest crypto attack.       

Binance CEO Changpeng “CZ” Zhao tweeted that over 7,000 wallets were drained of SOL tokens and USDC stablecoins. 

“Don’t know root cause yet. Maybe permissions granted to apps,” Zhao tweeted.

See also: FBI Warns Fake Crypto Apps Robbed Investors of Millions

The FBI warned investors last month that fraudulent cryptocurrency apps tricked 244 victims out of $42.7 million between October 2021 and May 2022, PYMNTS reported.

The fraudulent apps got people to deposit their cryptocurrency holdings and then charged them a tax to make withdrawals. Even when victims paid the phony tax, they were still unable to withdraw their funds. 

The Solana attack is suspected to have been a supply-chain hack, which occurs when data is infiltrated by an outsider, but it’s all speculation at this point, Solana spokesman Austin Federa told Bloomberg.

“Much remains unknown at this point — except that hardware wallets are not impacted,” Federa said.  

Read more: Hackers Force a $4B Question: Can DeFi Ever Be Safe?

The blockchain audit firm OtterSec told Decrypt the Solana transactions were “signed by the actual owners, suggesting some sort of private key compromise.”

The hack might have originated on the Solana browser wallet Phantom and compromised user keys, and possibly involved seedphrases that were re-used among wallets on different chains, Decrypt reported.

Related: Hack of Crypto Payments Bridge Turns into $190M DeFi Free-for-All

This latest hack comes on the heels of the $190 million Nomad Bridge exploit on Tuesday (Aug. 2) that robbed an estimated 14,000 users. It is the fourth major bridge protocol hack of the year, following the $320 million Wormhole hack in February, $620 million Ronin hack in April and the $100 million Horizon hack in June, PYMNTS reported.

 

For all PYMNTS crypto coverage, subscribe to the daily Crypto Newsletter.