Thousands of users from the popular blockchain Solana have reported losing funds from their internet-connected "hot" wallets after a multi-million dollar crypto heist, according to a report by TechCrunch.
As of 5:00 a.m. UTC on Wednesday, Aug. 3, an unidentified hacker had drained cash from 7,767 wallets on the Solana network, according to the blockchain's latest tweet.
However, the cryptocurrency tracker of blockchain security company SlowMist discovered that over 8,000 wallets had been emptied. The loss up to this point is reportedly about $8 million.
Not Restricted To Solana
According to TechCrunch, the attack does not seem to be restricted to Solana and has only hit "hot" wallets or wallets that are always linked to the internet and allow users to store and send tokens with ease.
Investor at Solana Ventures Justin Barlow said his USDC balance had also been depleted. Crypto researcher @0xfoobar also revealed that the hacker is stealing both native tokens (SOL) and SPL tokens (USDC), draining wallets that have been inactive for less than six months.
Other wallets such as TrustWallet, Phantom, Solflare, and Slope, have been affected by the hack as well, according to TechCrunch.
Solana cautioned users to convert to hardware or "cold" wallets while urging them to treat compromised and depleted wallets as abandoned.
Phantom, a rapidly expanding wallet with a Solana base that reached a $1.2 billion value in January, stated that it is collaborating closely with other organizations to address a reported weakness in the Solana ecosystem.
Magic Eden, a non-fungible token (NFT) marketplace, urged users to withdraw access to any suspicious URLs in their Phantom wallets, while Slope noted that it is actively working to resolve the issue as quickly as possible.
Supply Chain Attack
Emin Gün Sirer, the creator of another well-known blockchain called Avalanche, and other industry leaders claimed that the transactions were properly signed, suggesting that the vulnerability may have been caused by a "supply chain attack" that succeeded in acquiring users' private keys.
Removing wallet approvals won't likely help, @0xfoobar said, adding that this incident has likely led to a widespread private key breach.
According to Solana's Status Twitter account, the company's developers are collaborating with several ecosystem teams and security researchers to determine the root cause of the vulnerability, which is still unknown.
Just hours before the Solana attack, criminals took advantage of a security flaw to steal about $200 million in digital assets from the cross-chain communications protocol Nomad, as per TechCrunch.
A recent change to one of Nomad's smart contracts that made it simple for users to impersonate transactions enabled the "free-for-all" attack, which encountered more than 41 addresses and drained $152 million, which is 80% of the stolen funds from them.
Related Article : Solana Outage Now Solved After 'Durable Nonce' Bug Hits Blockchain | Here's What Happened
This article is owned by Tech Times
Written by Joaquin Victor Tacla