Massive Solana Exploit Drains $8 Million Worth of Funds

Written by adam-stieb | Published 2022/08/05

TL;DR: Solana and Binance smart chains were hit by a massive Solana hack on August 2, 2022. Both native tokens and SPL tokens (USDC) were stolen from more than 7,930 wallets. TrustWallet, Phantom and Slope wallets were reportedly drained. Phantom team spoke up immediately about the hack, claiming that they were trying to get to the root of the problem. There are claims circling around that the Slope mobile wallets were leaking private keys. Last February, the Wormhole bridge (a communication bridge between Solana and other DeFi networks) got hacked.

Tons of people lost their entire wallet balance in a massive Solana exploit that happened on August 2, 2022. Both native tokens and SPL tokens (USDC) were stolen from more than 7,930 wallets, while TrustWallet as well as Phantom and Slope wallets were reportedly drained.

The Phantom team spoke up immediately about the hack, claiming that they were trying to get to the root of the problem. There are claims circling around that the Slope mobile wallets were leaking private keys while plenty of people who got drained had both Phantom and Slope wallets and were using their mobile apps. Up to now, no desktop wallets were drained.

The first to notice that the hack was going on were Taiyo Robotic holders who were sitting in a VC with Solport Tom, the project’s owner. Within just 2 minutes, more than $100,000 was stolen. As the night went on, more and more wallet drains were reported.

It is worth mentioning that hackers stole more than $700 million solely in 2022 while the Solana and Binance smart chains were hit the hardest. Last February, the Wormhole bridge (a communication bridge between Solana and other DeFi networks) got hacked. Hackers exploited a signature verification vulnerability and stole about $334 million. This was the second largest hack in DeFi history.

This SOL exploit was the fifth one this year and, although not the biggest one, it was among the ones that truly raised the dust. For the past 36 hours, more than 200,000 Solana hack-related Tweets were published.

Yet, what happened, exactly? From what we know so far, it was an ecosystem-wide vulnerability, not a Phantom or Magic Eden-specific issue but, more likely, a browser-level problem.

Revoking permissions for any suspicious links doesn’t help much in situations like this since hackers make it look like the actual owners are the ones signing transfers. Leaked seed phrases could be the reason why assets were transferred from wallets on behalf of users.

However, it is still highly advisable you revoke any approvals. Simply log into your wallet, click on the settings tab, and remove approval for all of the trusted apps.

We spoke with Mike Ermolaev, head of PR at ChangeNOW, the crypto processing and swap service. One of the ChangeNOW ecosystem's products is NOW Wallet, and Mike has kindly agreed to shed more light on the matter.

“Being drained out of your savings is a horrific thing. Seeing that so many people got affected is even worse. However, this, at the same time, gives us the bigger picture of the situation and, once more, proves the fact that people need more guidance on how to protect their assets and which wallets to use.”

With non-custodial wallets, users’ private keys and assets are fully in their ownership and there are absolutely no intermediaries, which means that you are the only bearer of the responsibility for your digital belongings.

“Once your private keys are cracked, there’s very little you can do, even if you are using a non-custodial wallet. However, as long as you are making sure that your seed phrase is not stored on your mobile phone or any other device you are using (that has access to the internet), you are good to go. Also, you should be extremely careful about the dApps you are connecting your wallet to and potentially vulnerable browser extensions you are using”, Mike adds.

In one of his past interviews, Mike spoke about ChangeNOW’s mission to shape a safer environment for everyone in the crypto industry.

“In November 2021, it returned 600,000 MATIC coins to Eterbase, a Bratislava-based exchange that was hacked in 2020 and lost approximately $5.4 million in cryptocurrency on the day of the hack. Hackers attempted to liquidate the funds through ChangeNOW's swap platform but the funds were frozen by its AML system.”


“ChangeNOW’s AML system is really top-notch. We use a number of sophisticated mechanisms to filter suspicious transactions and detect fraudsters. That’s also how we managed to recover over $19 million of losses related to hacks (just like the one that happened on Solana) and frauds. Will Slope manage to do the same is yet to be seen.”

Summary

The increasing number of attacks in the crypto space, and users losing more than $8 million to hackers during the last one, leaves a bad taste in Web3 enthusiasts’ mouths. And, since cybercriminals and malicious individuals are constantly coming up with more advanced methods, it is paramount that we all do our best to prevent users from falling victim to various scams.


Published by HackerNoon on 2022/08/05