Hackers are targeting the Solana blockchain, whose native cryptocurrency is sol, one of the biggest cryptocurrencies by market cap after bitcoin and ether. So far, about 8,000 wallets have been drained of their sol tokens, costing users over $5 million thus far.
However, according to CNBC, the breach continues, so there’s no way to know yet just how widespread it will end up being when Solana finally plugs the hole.
The Latest On The Solana Hack
Blockchain analytics firm Elliptic said hackers have stolen a little over $5.2 million worth of sol coins from almost 8,000 wallets. The Solana Status Twitter account, which is operated by the Solana Foundation, confirmed the hack, reporting overnight that an exploit had allowed a malicious actor to drain the sol coins contained in about 7,767 digital wallets.
The organization added that the exploit has affected several so-called "hot" wallets, including Slope and Phantom. Hot wallets are those connected to the internet in some way. According to CNBC, users of Trust Wallet, Slope and Phantom all started reporting the breach on Tuesday night, saying that their wallets had been drained.
Phantom tweeted that it's investigating the "reported vulnerability in the Solana ecosystem," adding that it doesn't believe the breach to be specific to its wallet. Blockchain audit firm OtterSec tweeted that multiple wallets across a variety of different platforms have been affected.
Dealing With The Vulnerability
Solana said that engineers from multiple ecosystems are working with several security firms to investigate the drained wallets. It also said there are no signs that hardware wallets have been affected, although the breach appears to have affected both extension and mobile wallets.
The foundation also advised users to switch to a hardware wallet and not to reuse their seed phrase on a hardware wallet. A seed phrase is a collection of random words that a crypto wallet generates when the user sets it up. It also grants access to the wallet.
Additionally, Solana said wallets that have been drained should be treated as compromised and abandoned. The organization asked sol users whose wallets were drained to complete this survey as engineers investigate the cause of the breach.
Early Findings From The Investigation Of The Solana Hack
On Wednesday morning, Solana tweeted that the issue doesn't appear to be a bug in the blockchain's core code but rather in software used by several digital wallets that are popular among sol users. Elliptic Chief Scientist Tom Robinson backed up Solana's claim. He said that although the root cause of the breach remains unclear, "it appears to be due to a flaw in certain wallet software rather than in the Solana blockchain itself."
OtterSec also reported that the actual owners of the sol coins were signing the transactions, which suggests "some sort of private key compromise." An owner's private key grants them access to their crypto holdings. At this point, the identity of the person or group behind the Solana hack is unknown.
SOL Coin Down 2% After Solana Hack
The Solana blockchain was widely seen as one of the most promising new crypto networks. Well-known backers like Andreessen Horowitz and Chamath Palihapitiya have touted it as a challenger to Ethereum due to its faster processing times for transactions and enhanced security.
However, Solana has dealt with numerous issues recently, including extended downtimes and a widely held view that it is more centralized than Ethereum.
Data from CoinMarketCap showed that the price of the sol token was down 2% at midday on Wednesday with a 105% increase in trading volume. The sol token has recovered from the initial plunge after the Solana hack was announced, when it fell about 8%, dragging its price down to around $38. The cryptocurrency is now trading at around $40.