[Update IV] **WARNING** Millions Already Drained in Continuing Solana Based Wallet Hack
August 3, 2022 @ 15:50 ET
Solana co-founder Anatoly Yakovenko gave the latest update from the Solana team on his Twitter account, highlighting what other blockchain analysts had speculated was a supply chain attack that allowed the hackers to gain access to private keys. Yakovenko said preliminary investigations showed that wallets which had only ever received Solana (SOL), with no interactions beyond receiving, were affected. The exploit affected both iOS and Android devices, and all the affected wallets had their private keys imported or generated on mobile.
[Jenkinson, G. Solana wallets 'compromised and abandoned' as users warned of scam solutions. (Accessed August 3, 2022)].
"Data from Dune Analytics currently lists 7,941 wallets that have been affected by the exploit" [Id. See also, Dune Analytics. mystery exploit victims. (Accessed August 3, 2022)].
"According to Solana analyst OtterSec, a private key compromise could be to blame for igniting the exploitation of Slope Finance's hot wallets. Moreover, the hardest-hit victims of the shocking hack so far have been wallets that have been inactive for at least half a year. Moreover, some crypto experts have outlined their belief that the attack was planned 7 months ago, as the hacker's wallet was funded through Binance in February 2022" [Dailycoin. Massive Solana Hack Drains $8M Across 8,000 Wallets. (Accessed August 3, 2022)].
"Solana regularly experiences damning security incidents, which is why many initially assumed the attack was caused by a bug in its software code. After suffering a major decline due to the hack, the SOL token is now back in the green, according to data from CoinMarketCap" [CryptoNews. Solana Names Real Reason Behind Multimillion Dollar Hack. (Accessed August 3, 2022)].
'The root cause is still not clear,' Elliptic's co-founder Tom Robinson said. 'It appears to be due to a flaw in certain wallet software, rather than in the Solana blockchain itself.'
[Ossinger, J. and Shukla, S. Crypto Takes a New Hit as Thousands of Solana Wallets Hacked. (Accessed August 3, 2022)].
"'Much remains unknown at this point -- except that hardware wallets are not impacted,' Solana spokesman Austin Federa said. While there's speculation the incident was a supply-chain attack, the nature of the exploit remains unclear, Federa said. Supply-chain hacks occur when an outside party or provider with access to the victim's systems and data is infiltrated. Some NFTs were also stolen in the hack -- but the full impact of the exploit is still unclear, Elliptic's Robinson said" [Id].
"Despite reports that it was an iOS hack, certainly, it was not. There are confirmed reports of wallet-drains from non-iOS wallets and extensions. The data suggests this is not an attack on a specific wallet provider but rather multiple wallets on many operating systems (mobile and desktop, iOS and Android)," Dmytro Budorin, CEO of Hacken, a blockchain cybersecurity specialist, said in an emailed comment. Also, according to him, while investigations into the attack have not been able to pinpoint the exact factors causing these hacks, in general, the attacker must have compromised a third party that must have ceded permissions to sign off on mass transactions.
[Kmieliauskas, L. SOL Drops as Thousands of Wallets Attacked on Solana, Millions in USD Stolen. (Accessed August 3, 2022)].
"Confirmed with the cross chain user that they imported their TrustWallet seed phrase into Slope. Both Slope & TrustWallet seem to use a single seed phrase cross-chain," analyst Adam Cochran said. "Likely why we've seen so few cases on Ethereum directly. Suggests something exposing seeds w/ Solana apps?"
Meanwhile, Solana validator Laine has denied claims that validators blacklisted or plan to blacklist the wallets associated with hackers. "We have not blacklisted anything nor are we aware of any discussion to do so. Explorers have blacklisted them, i.e. they are displaying warnings, but that doesn't affect any transactions," Laine said.
"At around 10 UTC, the scanning tool for the Solana ecosystem, Solscan, provided a 'real-time visualization dashboard' that shows the total value in the hacker's wallets, token allocation in each wallet, analytics of the victims' wallets, most exploited wallets, etc. Per the dashboard, at 12:22 UTC, the total value transferred to the attacker's wallet is USD 4.46m. Just below 50% of this is USDC, 35% is SOL, and 15% are other coins. 'Low liquidity tokens are removed from the report as they do not reflect the accuracy of the report,' Solscan said."
Solana wallet platform Solflare told Cointelegraph that it had not suffered any loss of funds and that it was working with other wallet providers to provide support toward a solution. The uniform message to SOL holders from the wider cryptocurrency ecosystem is to move funds to cold storage or centralized exchanges and to revoke permissions from trusted apps in wallet settings. Solflare also warned that users with mnemonic seed phrases originating from other wallets were at risk of being exposed.
None of the major players in this current mess have made it clear to investors whether or not affected wallets will have their funds recouped or refunded after the incident.