Hardware Wallets Not Affected by Solana Hack: ~$8M Drained So Far
Solana has fallen victim to a hack that affected more than 8,000 wallets and drained users of around $8 million worth of funds. The team behind Solana said that the hack predominantly impacted “hot” wallets, claiming that there is no evidence that hardware wallets were impacted.
Users Lose $8 Million in Solana Hack
Solana, a so-called “Ethereum killer” and an increasingly popular blockchain, has fallen victim to a widespread hack that has drained $8 million in funds so far across a number of Solana-based hot wallets.
The hack ostensibly started in early Wednesday, with users reporting the loss of their funds without their knowledge from major internet-connected “hot” wallets including Phantom, Slope, and TrustWallet. Some affected users have claimed that they haven’t interacted with any contracts in more than 40 days.
Solana’s official Twitter account claimed that approximately 7,767 wallets have been affected as of 5 am UTC. “The exploit has affected several wallets, including Slope and Phantom. This appears to have affected both mobile and extension,” the team said, adding that they are currently investigating the incident.
Blockchain security firm SlowMist has identified four wallets associated with hackers. The company initially estimated losses to be around $580 million. However, after excluding the “value of EXIST and other shitcoins,” which are very volatile and don’t have much liquidity, SlowMist found that around $4.5 million worth of SOL, USDC, USDT, BTC, and ETH has been stolen.
PeckShield, another blockchain investigator, estimated a higher loss. The company claimed that around $8 million worth of funds has been stolen, excluding “one illiquid shitcoin” that may be misvalued at $570 million.
Nevertheless, the hack seemingly only affected “hot” wallets, which are wallets that are always connected to the internet. The Solana team also announced that “there’s no evidence hardware wallets have been impacted.”
Hardware wallets are a form of offline storage that store users’ private keys in a secure hardware device. While hardware wallets are much safer than hot wallets, they are less convenient. A user would need to power on and connect a hardware wallet to the internet in order to use it, while hot wallets are always connected and ready to use.
Join our Telegram group and never miss a breaking digital asset story.
Source of Solana Attack Remains Unknow
The details of the Solana hack are largely unclear at this point. However, blockchain auditor OtterSec said that the transactions are being signed by the actual owners, suggesting some sort of private key compromise, or a so-called supply chain attack. Crypto veteran Adam Cochran said:
“Confirmed with the cross chain user that they imported their TrustWallet seed phrase into Slope. Both Slope & TrustWallet seem to use a single seed phrase cross-chain. Likely why we’ve seen so few cases on Ethereum directly. Suggests something exposing seeds w/ Solana apps?”
PeckShield also weighed in on the supply chain theory. “The widespread hack on Solana wallets is likely due to the supply chain issue exploited to steal/uncover user private keys behind affects wallets,” the company said.
Meanwhile, the hack has also affected Ethereum users, albeit to a far less extent. “Seems like before Solana Wallets got drained, a user’s TrustWallet and Slope wallets have compromised on both Solana and Ethereum,” PeckShield said, adding that around $80,000 has been sent to the hacker’s Ethereum address.
Notably, despite the large extent of the hack, Solana’s native token SOL has held pretty well. The coin is currently trading at over $39, down by less than 3% over the past 24 hours. However, the coin is down by around 80% YTD.
Why do you think SOL is holding well despite the hack? Let us know in the comments below.
This article is a developing story and will be updated as more information becomes available.