Solana developers have discovered an exploit that allowed hackers to compromise 7,767 Solana-based wallets. As of now, it’s unknown how exactly hackers were able to exploit it. At present, it appears only wallets using Phantom and Slope wallet software have been affected.
“Seems like an iOS supply chain attack. Multiple plausible wallets that only received sol and had no interactions beyond receiving have been affected,” said Solana Labs co-founder and CEO Anatoly Yakovenko in a tweet. “Android seems to be affected as well. All the confirmed stories so far have had the key imported or generated on mobile. Most of the reports are slope, but a few phantom users as well.”
Peckshield shares Yakovenko’s opinion that the hack was due to a supply chain attack, tweeting, “The widespread hack on Solana wallets is likely due to the supply chain issue exploited to steal/uncover user private keys behind affects wallets.”
Currently, the sum of the stolen funds is unknown, with Peckshield estimating the loss at $8 million and security firm Anchain suggesting the loss was around $5 million.
Solana is providing a survey to victims of the hack, asking which wallet application they used and when the application was downloaded. Victims are also asked to specify whether they accessed said wallet on Android, iOS, Mac or PC and which web browser was used. Additionally, the survey asks whether users generated their seed phrase from within their wallets and whether they used the same seed with multiple wallets.
Solana was one of the top five crypto contenders a few months ago. However, Solana has slipped down to the ninth after this latest hack.
The Solana Saga
While the exploit has damaged Solana in the stock market, the company has a phone in the works that may help it regain its lost profits. Solana Labs’ Saga, which will release next year, is an Android mobile phone that will feature a Web3 decentralized app store.