Solana wallets hacked, nearly $580 million reported lost

On August 3, 2022, the Solana wallet Phantom was suspected of having been hacked, with multiple users reporting that their funds were being drained without their knowledge.

According to community announcements, three suspicious wallets have been identified; the stolen funds so far include $1.645 million in SOL and $576 million in SPL tokens, and the totals were still rising at the time of writing.

In response, Phantom said it is working closely with other teams to identify the reported vulnerability in the Solana ecosystem. At present the team does not believe this is a Phantom-specific issue; an update will be posted once more information has been gathered.

Some users suspected that the hack might be related to transactions on Magic Eden's Solana-based NFT marketplace. Magic Eden advised users to take the following steps to protect their assets:

1. Open the Phantom wallet settings page;

2. Click "Trusted Apps";

3. Revoke permissions for any suspicious links.

Solana ecosystem builder @SolportTom said that, as far as is known so far, no minting occurred during the drain; the transactions look like normal transfers, not contract calls. It concerns the whole ecosystem, and is presumably related to gambling services.

Crypto KOL 0xfoobar's analysis says: attackers are stealing SOL and SPL tokens; it affects wallets that have been idle for more than six months; both Phantom and Slope wallets have been drained. 0xfoobar said the cause of the exploit is unknown; it may be an upstream-dependency supply chain attack, and revoking approvals may not help. Why doesn't revoking approvals help? Because these SOL and SPL token transfers were signed by the users themselves, not by a third party that had been approved to spend on their behalf. So while individuals can revoke approvals, it is likely that there was a widespread private key compromise for some reason.
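
The distinction 0xfoobar draws, between a transfer the victim's own key signed and a transfer a previously approved delegate signed, can be checked directly on a drain transaction. The script below is an added example for this article, not code from 0xfoobar, Phantom, Slope or any wallet vendor. It assumes the JSON shape returned by the Solana RPC `getTransaction` method with `encoding="jsonParsed"` (each entry of `accountKeys` carries a `signer` flag, and the System and SPL Token programs' instructions come back with a `parsed` block). Every public key and transaction in it is a constructed placeholder, not a real on-chain record. If the owner key itself signed the transfers, as in the pattern described above, revoking trusted apps or token delegates cannot stop further drains; only moving the funds to a new key can.

```python
"""Triage a Solana drain transaction: was the transfer authorised by the
victim's own key, or by a delegate the victim had previously approved?

Added example for this article, not code from 0xfoobar or any wallet project.
Assumes the Solana RPC getTransaction(encoding="jsonParsed") JSON shape.
All keys and transactions below are constructed samples.
"""

SYSTEM_PROGRAM = "11111111111111111111111111111111"
TOKEN_PROGRAM = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA"


def signers(tx):
    """Public keys that actually signed the transaction."""
    keys = tx["transaction"]["message"]["accountKeys"]
    return {k["pubkey"] for k in keys if k.get("signer")}


def classify_transfers(tx, victim_wallet, victim_token_accounts):
    """One verdict per transfer instruction that moves the victim's funds.

    'owner-signed'    the victim's own key authorised the move; revoking app
                      permissions or token delegates cannot stop this, the
                      key itself must be treated as compromised.
    'delegate-signed' an SPL transfer authorised by an approved delegate;
                      revoking that delegate (spl-token revoke) stops further drains.
    'invalid'         the required signer is missing (a real cluster would reject it).
    """
    signed = signers(tx)
    verdicts = []
    for ix in tx["transaction"]["message"]["instructions"]:
        parsed = ix.get("parsed")
        if not parsed or parsed.get("type") not in ("transfer", "transferChecked"):
            continue
        info = parsed["info"]
        if ix["programId"] == SYSTEM_PROGRAM and info["source"] == victim_wallet:
            # A System transfer is only valid if the source account itself signed.
            verdicts.append("owner-signed" if victim_wallet in signed else "invalid")
        elif ix["programId"] == TOKEN_PROGRAM and info["source"] in victim_token_accounts:
            # For SPL transfers the signing authority is either the token account
            # owner or a delegate that owner once approved.
            authority = info.get("authority") or info.get("multisigAuthority")
            if authority not in signed:
                verdicts.append("invalid")
            elif authority == victim_wallet:
                verdicts.append("owner-signed")
            else:
                verdicts.append("delegate-signed")
    return verdicts


def revoking_helps(verdicts):
    """Revoking approvals only helps if nothing was signed by the owner key."""
    return bool(verdicts) and all(v == "delegate-signed" for v in verdicts)


# Constructed placeholders (hypothetical, not real base58 keys).
VICTIM = "VictimWallet"
VICTIM_USDC = "VictimUsdcTokenAcct"
ATTACKER = "AttackerWallet"
ATTACKER_USDC = "AttackerUsdcTokenAcct"
DELEGATE = "MarketplaceDelegate"


def _tx(signer_keys, instructions):
    """Build a minimal jsonParsed-style transaction; non-signer accounts omitted."""
    return {"transaction": {"message": {
        "accountKeys": [{"pubkey": k, "signer": True} for k in signer_keys],
        "instructions": instructions}}}


# The drain pattern described above: plain transfers signed by the victim's key.
TX_KEY_COMPROMISE = _tx([VICTIM], [
    {"programId": SYSTEM_PROGRAM, "program": "system",
     "parsed": {"type": "transfer",
                "info": {"source": VICTIM, "destination": ATTACKER,
                         "lamports": 1_500_000_000}}},
    {"programId": TOKEN_PROGRAM, "program": "spl-token",
     "parsed": {"type": "transfer",
                "info": {"source": VICTIM_USDC, "destination": ATTACKER_USDC,
                         "authority": VICTIM, "amount": "2500000000"}}},
])

# Contrast: a transfer by a delegate the victim once approved, which "revoke" fixes.
TX_DELEGATE = _tx([DELEGATE], [
    {"programId": TOKEN_PROGRAM, "program": "spl-token",
     "parsed": {"type": "transfer",
                "info": {"source": VICTIM_USDC, "destination": ATTACKER_USDC,
                         "authority": DELEGATE, "amount": "2500000000"}}},
])

if __name__ == "__main__":
    for name, tx in (("key compromise", TX_KEY_COMPROMISE), ("delegate", TX_DELEGATE)):
        v = classify_transfers(tx, VICTIM, {VICTIM_USDC})
        print(f"{name}: {v} -> revoking approvals helps: {revoking_helps(v)}")
```

On a real incident you would feed `classify_transfers` the `getTransaction` result for each suspicious signature and pass the victim's wallet plus its associated token accounts; a run that returns any `owner-signed` verdict means the advice to "revoke trusted apps" is not sufficient and the key must be abandoned.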

The solution is to move the assets to a wallet that never exposes the private key to a potentially vulnerable browser extension, which means a hardware wallet and nothing else. Without a hardware wallet, the best practice is to limit any upstream telemetry that may occur: closing the browser and putting the computer in airplane mode also limits any exposure of private keys until the cause of the exploit is known and fixed. Alternatively, moving assets to a reputable centralized exchange (CEX) is also a way to preserve them.

In light of this incident, STEPN reminded users that if they have imported or exported any non-custodial wallet between STEPN and an external app, they should:

1. Check the wallet to see whether any assets are missing;

2. Transfer the assets out of that wallet;

3. Generate a new non-custodial wallet in the STEPN app.

Posted by: CoinYuppie