After a string of security breaches and exploits over the past few months negatively impacted investor sentiment, Solana, a layer-1 blockchain, is experiencing another attack. This has sparked a decline in the value of the platform-native SOL token as well as in investors’ trust.
At the time of writing, #SOL is trending on Twitter due to an exploit that began Tuesday, August 2, 2022, draining as much as $8 million from thousands of Solana-based wallets like Slope and Phantom so far.
Per the latest report by blockchain auditing firm OtterSec, “the attack is still ongoing, and more than 5,000 Solana-based wallets have been compromised so far.” The numbers are rising as more users continue to report loss of funds.
Exact Cause of Attack Remains Unclear
While the exact cause remains unclear, preliminary reports indicate that the attacker (or the group of attackers) is stealing both SOL and SPL (USDC) tokens, primarily targeting Phantom and Slope wallets that have been inactive for more than six months.
The hacker somehow acquired the ability to initiate and approve transactions on behalf of users (i.e., sign the transactions), which suggests that a third-party service may have been compromised due to an “upstream dependency supply chain attack.”
The most recent report by blockchain investigator PeckShield contends that hackers are exploiting Solana wallets due to a “supply chain issue” to steal users’ private keys. The total number of compromised wallets has edged past 8,000 and is rising by approximately 20 per minute. However, since there is no clear answer to what caused this, the market is flooded with speculation about the root cause.
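The pattern the reports describe (dormant wallets suddenly emptied within a short incident window) is something a wallet provider or chain-monitoring team can watch for. The following is an added example written for this page, not code from Solana, Phantom, Slope, OtterSec or PeckShield: it runs a simple dormant-drain heuristic over a constructed transfer ledger. Wallet names, amounts, the 180-day dormancy threshold and the 90% drain ratio are all assumptions chosen for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Transfer:
    wallet: str
    when: datetime          # UTC timestamp of settlement
    amount: float           # positive = inbound, negative = outbound (SOL)
    balance_after: float    # wallet balance once this transfer settled


# Constructed sample ledger: wallet names, dates and amounts are made up
# for this example and do not describe any real account.
SAMPLE_LEDGER = [
    Transfer("wallet_A", datetime(2022, 1, 15, 9, 0), 100.0, 100.0),
    Transfer("wallet_A", datetime(2022, 8, 2, 20, 10), -99.99, 0.01),   # dormant, then emptied
    Transfer("wallet_B", datetime(2022, 7, 20, 12, 0), 50.0, 50.0),
    Transfer("wallet_B", datetime(2022, 8, 2, 20, 15), -45.0, 5.0),     # large, but wallet was active
    Transfer("wallet_C", datetime(2022, 1, 10, 8, 0), 10.0, 10.0),
    Transfer("wallet_C", datetime(2022, 8, 2, 21, 0), -2.0, 8.0),       # dormant, but only 20% moved
    Transfer("wallet_D", datetime(2021, 12, 1, 10, 0), 30.0, 30.0),
    Transfer("wallet_D", datetime(2022, 8, 3, 2, 0), -30.0, 0.0),       # dormant, then emptied
]

# Assumed incident window for the sample data (not taken from any report).
INCIDENT_START = datetime(2022, 8, 2, 18, 0)
INCIDENT_END = datetime(2022, 8, 3, 6, 0)


def flag_dormant_drains(ledger, window_start, window_end,
                        dormancy=timedelta(days=180), drain_ratio=0.9):
    """Return {wallet: details} for wallets whose first outbound transfer
    inside the window follows at least `dormancy` of no activity at all
    and moves at least `drain_ratio` of the pre-transfer balance."""
    by_wallet = defaultdict(list)
    for t in ledger:
        by_wallet[t.wallet].append(t)

    flagged = {}
    for wallet, txs in by_wallet.items():
        txs.sort(key=lambda t: t.when)
        # Compare each transfer with the one immediately before it.
        for prev, cur in zip(txs, txs[1:]):
            if cur.amount >= 0 or not (window_start <= cur.when <= window_end):
                continue                      # inbound, or outside the incident window
            idle = cur.when - prev.when
            balance_before = cur.balance_after - cur.amount   # amount is negative
            if balance_before <= 0:
                continue
            drained = -cur.amount / balance_before
            if idle >= dormancy and drained >= drain_ratio:
                flagged[wallet] = {
                    "idle_days": idle.days,
                    "drained_fraction": round(drained, 4),
                    "at": cur.when,
                }
                break                         # one hit per wallet is enough
    return flagged


if __name__ == "__main__":
    for wallet, info in flag_dormant_drains(SAMPLE_LEDGER, INCIDENT_START, INCIDENT_END).items():
        print(f"{wallet}: idle {info['idle_days']} days, "
              f"{info['drained_fraction']:.0%} of balance moved at {info['at']:%Y-%m-%d %H:%M}")
```

The heuristic deliberately ignores an active wallet making a large withdrawal (wallet_B) and a dormant wallet moving a small amount (wallet_C); only the combination of long inactivity and near-total drain inside the window is flagged. In practice the thresholds would be tuned against the provider's own traffic, and a hit would be a trigger to notify the user, not proof of compromise.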
Data compiled by blockchain tracking platform MistTrack highlights four wallet addresses that might be linked to hackers. These wallets currently hold around $5 million in SOL, USDC, USDT, BTC (BTC-USD), and ETH (ETH-USD). Meanwhile, the Solana team has confirmed the breach, revealing that approximately 7,767 wallets have already been compromised.
The Solana team has also clarified that this breach is affecting its wallets’ mobile apps and web extensions. In the meantime, experts are urging users to move their assets out of Phantom and Slope wallets into cold wallets or centralized exchange wallets.
The attack is still unfolding, and initial reports indicate that private keys have been compromised. Because a valid signature from a leaked key is indistinguishable from the owner’s, holders of compromised wallets have little recourse to stop the hackers from absconding with their funds. As a result of the widespread wallet hack, many investors have expressed doubt about Solana’s future. In the two hours following the first reports of the hack, Solana’s price dropped by 8%.
Per Vidor Gencel, the CEO & Co-Founder of Solflare, “The only thing we know is that based on the current incident reports, there has been nearly no Solflare mentions and that Solflare users are safe unless they imported their seed phrase into other wallets – then they might be exposed. The whole ecosystem is looking for answers, and we are closely monitoring the situation and will provide updates as soon as possible.”
No Substantial Progress Has Been Made So Far
The Slope and Phantom wallet teams have also confirmed that they are working with Solana Labs and other Solana-powered protocols to get to the root of the issue. However, no substantial progress has been recorded thus far. Solana’s security has faced substantial scrutiny, especially given the recent string of hacks that have drained billions of dollars from the ecosystem.
On the security problems clouding the promising layer-1 blockchain, Arthur Breitman, co-founder of Tezos, notes, “Security issues that can affect an L1, from least to most severe: (1). Block censorship; (2). Consensus safety fault; (3). Deflation bugs; (4). Inflation bugs; (5). Widespread private keys compromise. The problem with the last one is there is basically no mitigation.”
He explains, “Widespread private keys compromise is also typically not related to bugs in the L1 node but in the clients (e.g., wallet). Forking, stopping the chain, or whatever doesn’t help because the only way users are authenticated is via knowledge of their private key. Once it’s out, it’s out.”
When it comes to potential solutions, Arthur stresses, “The only realistic mitigation would be to fork and have centralized service re-provision keys via thorough identity checks to deter false claims. Pragmatically do it for the largest holders and bail out the smaller ones via inflation.”