Solana users this week reported that their funds had been drained from more than 8,000 internet-connected “hot” wallets, including Phantom, Slope, and TrustWallet, with losses exceeding US$5 million according to blockchain auditing firm OtterSec.
Hardware Wallets Not Compromised
No evidence was found that the Solana protocol or its cryptography were compromised, nor were its hardware wallets. According to a Solana Status tweet, engineers from across several ecosystems, in conjunction with audit and security firms, were continuing to investigate the “root cause” of the attack.
Blockchain investigation firm PeckShield posted on August 2 that the hack was most likely due to a “supply chain issue”, which was exploited to steal user private keys behind the affected wallets. The exact cause of the attack remains unclear, although it appears that mobile wallet users were impacted most. The attackers were able to sign transactions on behalf of users, suggesting that a trusted third-party service might have been compromised.
The Solana Status Twitter account shared its preliminary findings via developers and security auditors, saying that “it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications”.
The thread continued: “This exploit was isolated to one wallet on Solana, and hardware wallets used by Slope remain secure … While the details of exactly how this occurred are still under investigation, private key information was inadvertently transmitted to an application monitoring service.”
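The finding above describes key material reaching an application monitoring service. The following is an added example, not code from Slope, Phantom, Solana or this article, of the client-side control that addresses that failure mode: a scrubber modelled on the "beforeSend"-style hook that many monitoring SDKs expose, which redacts wallet secrets on the device before any event is transmitted. The field names, the shape heuristics and the sample event are assumptions constructed for the example.

```javascript
// Added example: a client-side telemetry scrubber, modelled on the "beforeSend"
// style hook that many application-monitoring SDKs expose. It is not Slope's,
// Phantom's or Solana's code. The failure mode in the article is key material
// reaching a monitoring service; the defensive control is to redact secrets on
// the device before any event leaves it, and to count what was redacted so the
// leak attempt itself becomes visible to the engineering team.

// Field names under which wallet secrets are commonly stored (assumed list).
const SENSITIVE_KEYS = /^(mnemonic|seed(_?phrase)?|private_?key|secret_?key|keypair|passphrase)$/i;

// Solana encodes 64-byte ed25519 secret keys in base58, giving 87-88 characters.
// 64-byte signatures share that shape, so they are redacted too (conservative).
const BASE58_64_BYTES = /^[1-9A-HJ-NP-Za-km-z]{86,90}$/;

// 12- or 24-word lowercase phrase separated by single spaces (BIP39-shaped).
const MNEMONIC_SHAPE = /^(?:[a-z]{3,8} ){11}[a-z]{3,8}$|^(?:[a-z]{3,8} ){23}[a-z]{3,8}$/;

function looksLikeSecretString(value) {
  if (typeof value !== 'string') return false;
  const v = value.trim();
  return BASE58_64_BYTES.test(v) || MNEMONIC_SHAPE.test(v);
}

// A 64-element byte array (Uint8Array or number[]) is the raw secret-key shape.
function looksLikeSecretBytes(value) {
  const arr = ArrayBuffer.isView(value) ? Array.from(value) : value;
  return Array.isArray(arr) && arr.length === 64 &&
    arr.every((n) => Number.isInteger(n) && n >= 0 && n <= 255);
}

// Walk the event and replace secrets with a marker, matching on key name first
// and on value shape second. `stats.redacted` counts replacements.
function scrubEvent(value, stats = { redacted: 0 }) {
  if (ArrayBuffer.isView(value) || Array.isArray(value)) {
    if (looksLikeSecretBytes(value)) { stats.redacted += 1; return '[REDACTED]'; }
    return Array.from(value, (v) => scrubEvent(v, stats));
  }
  if (value !== null && typeof value === 'object') {
    const out = {};
    for (const [k, v] of Object.entries(value)) {
      if (SENSITIVE_KEYS.test(k) || looksLikeSecretString(v) || looksLikeSecretBytes(v)) {
        stats.redacted += 1;
        out[k] = '[REDACTED]';
      } else {
        out[k] = scrubEvent(v, stats);
      }
    }
    return out;
  }
  if (looksLikeSecretString(value)) { stats.redacted += 1; return '[REDACTED]'; }
  return value;
}

// Hook body: returns the event to transmit plus how many fields were scrubbed.
function beforeSend(event) {
  const stats = { redacted: 0 };
  const scrubbed = scrubEvent(event, stats);
  return { event: scrubbed, redacted: stats.redacted };
}

// Constructed sample event: a wallet app that carelessly attached its whole
// state to an error report. The 12-word phrase is the public BIP39 test vector.
const SAMPLE_EVENT = {
  message: 'wallet import failed',
  user: { id: 'user-123' },
  extra: {
    mnemonic: 'abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about',
    wallet: { publicKey: 'ExamplePublicKey111', secretKey: new Uint8Array(64) },
    notes: 'user retried twice',
  },
  breadcrumbs: [
    { category: 'ui', message: 'tap import' },
    { category: 'state', data: { seedPhrase: Array(24).fill('zoo').join(' ') } },
  ],
};

const SCRUB_RESULT = beforeSend(SAMPLE_EVENT);
console.log(JSON.stringify(SCRUB_RESULT, null, 2));
```

Matching on field name alone is not enough, because wallet state often reaches telemetry indirectly (a serialized object in a breadcrumb, a string in an error message), so the scrubber also matches on value shape. The redaction count is worth emitting as its own metric: a non-zero value means the app is placing secrets into telemetry at all, which is the root problem to fix in the calling code, with the scrubber as the backstop.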
Yet Another Setback for Solana
Over the past nine months, Solana has suffered some severe downtime on its network caused by “excessive duplicate transactions” and “high levels of congestion”. It also suffered a distributed denial-of-service attack in December last year that jammed the network and led to huge delays, leading many to question the security of the network.