Blockchain, once thought to be the quickest way of earning profits on investments, is now struck with calamities. Months ago, the crash of Luna crypto currency took lives of many and shook the entire world of blockchain. Nevertheless, to keep the ecosystem alive, Luna 2.0 was launched. And the world thought finally crises were averted (a sigh of relief). But …… who knew there was someone else, lingering around in the dark, waiting just for the right moment to ‘peeka bu’ the blockchain world. The misery of the blockchain users continues – Solana Hacked.
For those who don’t know, as per TVL (total value locked), Solana is the fifth largest blockchain. Last year, the popularity of Solana rose because of its low fees and quick transactions.
Recently, the complaints of the blockchain users went viral regarding the theft and drainage of their funds without knowledge. After a while it was revealed that Solana ecosystem has been under attack. As per reports around 8,000 ‘hot wallets’ have been compromised. The internet-connected “hot” wallets under the attack are TrustWallet, Slope, and Phantom.
🚨 Widespread Solana private key compromise 🚨
– attacker is stealing both native tokens (SOL) and SPL tokens (USDC)
– affecting wallets that have been inactive for >6 months
– both Phantom & Slope wallets reportedly drained pic.twitter.com/AkZXOGLD0Q
— foobar (@0xfoobar) August 3, 2022
According to OtterSec (block chain auditors), attack is ongoing, how many more wallets will be compromised are still unknown. The attack linked many Solana addresses, with wallets having at least $5 million worth of SOL, SPL, and other Solana-based tokens from unsuspecting users. A meticulously planned supply chain attack that targeted and effected mostly the mobile users.
One of the users took it to twitter to share the unusual activity that happened with the Solana wallet. “I was getting my sunglasses refit when I got a push notification from my mobile wallet that I had sent all the SOL from my wallet,” Solana community member @gostak_gm told CoinDesk. “It was my main hot wallet, so I had it connected to lots of different mobile and web extension wallet providers as well as a lot of dapps. Not clear to me what could have been the root cause. Glad to have most of my funds on a cold wallet.”
This attack has sparked the debate hot wallets (online transations) vs cold wallets (transactions via USB), which one is more secure? The current events certainly favor cold wallets over the hot ones.
The representative of Phantom (largest Solana wallet) said “We are evaluating the incident impacting Solana wallets and are working closely with other teams in the ecosystem to get to the bottom of this. We will issue an update once we gather more information.” It was further added “The team doesn’t believe this is a Phantom-specific issue at this time.”
With the source of the attack still unknown, one cannot tell for sure when and how to stop the attack. Just a bad day for another top ranked block chain. Since the attack, a 4 % dropped has been witnessed in Solana’s native token SOL.