The hackers have targetted Solana users with millions of funds being drained from thousands of wallets.
On-chain data shows that, so far, the losses have been estimated to be around $8 million from over 7,000 compromised wallets. This number has been rising at around 20 per minute, according to Ava Labs CEO and founder Emin Gun Sirer.
- The attack vector remains unknown, but, according to the prominent blockchain security expert PeckShield, the hack could potentially be due to a “supply chain issue” that was exploited to steal user private keys behind affected wallets.
- The attacker managed to nab both native tokens (SOL) and SPL (USDC) from hot wallets. Notably, a majority of the them that were targeted have been inactive for more than six months.
- Solana-based hot wallets such as Phantom and Slope have been targeted and experts have warned users to transfer their funds into offline cold wallets.
- Anonymous blockchain sleuth, zachxbt, observed that the wallet of the hacker was funded via Binance seven months ago.
- Moreover, it was dormant before the attack, and four different wallets were used by the hacker around 10 minutes before the event.
- Solana confirmed the breach and revealed that there are some 7,767 wallets affected by the breach.
- Slope has also confirmed that it is currently working with Solana Labs and other Solana-based protocols and teams to get to the bottom of the issue.
