Solana Wallet Theft Update
On August 3, the Solana eco-wallet Phantom was suspected to have been hacked, with multiple users reporting that their funds were unknowingly depleted. This indicator provides an update on the theft of Solana wallets.
Phantom: No Phantom Systems Found to Have Been Compromised in Aug. 2 Security Incident
KingData News: SOL Wallet Phantom tweeted: After almost a week of investigation, our team has not found any evidence that Phantom's systems were compromised during the August 2nd security incident. While some Phantom users were affected, in each case we have reviewed, we found that they had imported their seed phrases/private keys to or from a non-Phantom wallet.
Solana Releases Aug. 2 Slope Wallet Event Update
KingData News: Solana said that it appears that affected addresses were at one point created, imported, or used in the Slope wallet applications on iOS and Android (created and published by Slope Finance). Private key material from these Slope users was inadvertently transmitted by the Slope app to an application monitoring service, but exactly how the hacker obtained or intercepted this information is still under investigation. No core code related to Solana Labs, the Solana Foundation, or anything related to Solana protocol itself was involved in this attack. This was not a protocol-level vulnerability. Hardware wallets (used with or without Slope) have not been impacted, and any wallets generated from seed phrases that have never been imported into (or used by) Slope wallets have not been affected. Solana officials also emphasized that if you are a user of Slope, or have ever previously imported seed phrases into Slope, your wallet may be compromised, even if no assets have been transferred. Users should not reuse any wallets derived from seed phrases previously used with Slope’s mobile applications.
MistTrack: Solana Theft Hackers Have Transferred Some of the Stolen Funds to Ether and TRON
KingData News: Cryptocurrency tracking platform MistTrack posted that the hackers of the Solana eco-wallet theft have transferred some of the stolen funds to Ether and TRON. Most of the funds (~53k $USDT & $USDC) were moved cross-chain via TransitSwap. About $11,801 USDT was transferred from TAd4uAHdSVpSjwzfBycmKcQR2UvaW8rVzy to a personal wallet, possibly through an OTC desk transaction. The hacker's initial gas fee also comes from the same personal wallet.
Solana-hacked Crypto Could be Claimed as a Tax Loss: Experts
KingData News: Australian, Canadian & U.K. crypto investors may potentially claim hacked crypto as a tax loss, but U.S. investors will miss out, according to tax experts. In correspondence with Cointelegraph, Shane Brunette, the CEO of Australia-based CryptoTaxCalculator, confirmed that crypto lost via a hack or an exploit could be declared as a loss for tax purposes in certain jurisdictions.
Slope: The Server-side Logging was Removed as soon as the Vulnerability was Discovered
KingData News: Solana eco-wallet Slope said the server-side logging was removed as soon as the vulnerability was discovered. At this moment, 1,444 of the 9223 (15%) wallets affected could potentially be traced back to this vulnerability. Slope is working together with our auditing partners and the Solana foundation to uncover any potential additional attack vectors. Relevant law enforcement agencies have been informed in order to proceed with criminal investigations against the attackers.
SBF: Solana Core Has no Problems, The Theft Was Caused by an Attack on a Third-party DApp
KingData News: In response to the recent theft of the Solana eco-wallet, SBF said on his social media platforms that a random DAPP gets compromised and it's blamed on the underlying blockchain. To be clear, no core or internal infra had any issues! It was just a single third-party application some people used.
Solana: Wallet Theft May be Linked to Slope Wallet Private Key Leak
KingData News: Solana Status said on Twitter that after an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. Solana Status said this exploit was isolated to one wallet on Solana, and hardware wallets used by Slope remain secure. While the details of exactly how this occurred are still under investigation, private key information was inadvertently transmitted to an application monitoring service.
Solana Labs co-creator: The Attack was Caused by an Attack on the iOS Supply Chain
KingData News: The co-founder of Solana Labs tweeted that the attack appears to be an attack on the iOS supply chain, where multiple trusted wallets that only received SOLs and had no other interactions were affected and had imported externally generated private keys into iOS. At the same time, he said that just about all of the confirmed messages were from iOS devices, "but could be due to its popularity."
Solana Status Releases Survey Form for Attacked Users
KingData News: Solana Status tweeted that if a user's particular Solana wallet was attacked and is one of the 7,767 people affected, they can fill out the corresponding form to confirm the problem, and that they currently need everyone's relevant information to help figure out what happened in this Solana attack.
Solana: Approximately 7,767 Wallets Affected, Root Cause of Exploit Currently Unclear
KingData News: Solana Status tweeted that an exploit allowed a malicious actor to drain funds from a number of wallets on Solana. As of 5am UTC approximately 7,767 wallets have been affected. The exploit has affected several wallets, including Slope and Phantom. This appears to have affected both mobile and extension. Engineers are currently working with multiple security researchers and ecosystem teams to identify the root cause of the exploit, which is unknown at this time.
Stakewiz.com: Solana RPC Nodes Appear to Have Stopped Serving Requests
KingData News: Solana authentication node Stakewiz.com tweeted that many Solana RPC Nodes appear to have stopped serving requests, might be due to load or intentional. This does not affect the underlying chain in any way. The chain is operating as normal. Users' wallet or explorer might not be loading right now, the chain is operating as normal.
PeckShield: Solana Wallet Mass Hack Now Estimated at $8M in Damages
KingData News: According to PeckShield monitoring, the widespread hack on Solana wallets is likely due to the supply chain issue exploited to steal/uncover user private keys behind affected wallets. So far, the loss is estimated to be $8M, excluding one illiquid shitcoin (only has 30 holders & maybe misvalued $570M).
Emin Gün Sirer: Solana eco-mass theft may be a 'supply chain attack'
KingData News: Avalanche's Professor Emin Gün Sirer tweeted that more than 7,000 wallets have been affected in the ongoing attack on the Solana ecosystem, which is growing at a rate of 20 wallets per minute. He said that because the transactions are signed properly, it's likely that the attacker has acquired access to private keys. One possible route is a "supply chain attack" where a JS library is hacked, and it exfiltrates (steals) users' private keys. Affected wallets seem to have been created in the last 9 months, but there are reports of freshly created wallets also being affected. Stopping the chain wouldn't help, the attack would resume when the chain resumes.
Magic Eden: Advising Solana Wallet Users to Transfer Crypto Assets to New Wallets
KingData News: In a social media post, Solana Eco NFT Marketplace Magic Eden said: "Upon further investigation, our team suggests not only to do the above but to also do the following: 1. Set up a new wallet with a new seed phrase. 2. Transfer all your NFTs to your new wallet, then your liquid crypto. Or better yet, move everything to a cold wallet/ledger."
Solana Official: Engineering Team is Investigating the Incident with the Assistance of Security Companies
KingData News: Solana Status officials tweeted that engineers from multiple ecosystems, with the help of several security firms, are investigating drained wallets on Solana. There is no evidence hardware wallets are impacted.
SlowMist: Over 8,000 Solana wallets stolen, approximately $580 million going to 4 addresses
KingData News: According to the monitoring by the SlowMist security team, a total of over 8,000 Solana wallets have been stolen so far, with about $580 million flowing to the following four addresses. Address I: Htp9MGP8Tig923ZFY7Qf2zzbMUmYneFRAhSp7vSg4wxV. Address II: CEzN7mqP9xoxn2HdyW6fjEJ73t7qaX9Rp2zyS6hb3iEu. Address III: 5WwBYgQG6BdErM2nNNyUmQXfcUnB68b6kesxBywh1J3n. Address IV: GeEccGJ9BEzVbVor1njkBCCiqXJbXVeDHaXDCrBDbmuy.
More than 5,000 Wallets Drained in Apparent Exploit on Solana Network
KingData News: Solana auditor OtterSec tweeted this evening that more than 5000 Solana wallets have been drained in the past few hours, corroborating numerous reports from people on Twitter claiming their balances have disappeared. OtterSec's analysis showed the transactions were signed by the owners, which the auditor said suggested a private key compromise. The exploit may also affect ETH users. Wallets that have been inactive for more than six months appear to be those hardest hit, according to reports on Twitter.
Decaf Developer: SOL Vulnerability Not a Trusted Application Issue, All Phantom Wallets Affected
KingData News: Decaf developer @JuanRdBO took to social media to respond to the SOL vulnerability previously posted by Magic Eden, saying that this is not a trusted apps issue. If a user has interacted with DeJBGdMFa1uynnnKiwrVioatTuHmNLpyFKnmB5kaFdzQ (Phantom interacts with it on wallet creation), the wallet is vulnerable to compromise.
Magic Eden: Suspected SOL Vulnerability Could Steal Phantom Wallet Assets, Remind Users to Revoke Suspicious Link Permissions
KingData News: Solana Eco NFT Marketplace Magic Eden tweeted that there seems to be a widespread SOL exploit at play that's draining wallets throughout the ecosystem. Users are reminded to make the following settings to protect assets: 1. go to Phantom settings; 2. trusted apps; 3. revoke permissions for any suspicious links.
Solana Suspected of Massive Attack Due to Vulnerability, Phantom Says it's Investigating
KingData News: The CertiK security team tweeted that it had received a report of a wallet theft from Solana for reasons that are unknown at this time. Sources close to Solana's on-chain NFT project Solport say Solana is suffering from a massive attack and loss of funds, and report two wallet addresses where stolen funds are flowing to: CEzN7mqP9xoxn2HdyW6fjEJ73t7qaX9Rp2zyS6hb3iEu and Htp9MGP8Tig923ZFY7Qf2zzbMUmYneFRAhSp7vSg4wxV. These two wallets have stolen at least $500,000 in SOL tokens, $1.5 million in SPL tokens, and $1 million in NXDF tokens. "We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem. At this time, the team does not believe this is a Phantom-specific issue," tweeted Phantom, the Solana ecosystem wallet.