An ongoing, widespread hack has seen as much as $8 million in funds drained so far across a number of Solana-based hot wallets.
Rašymo metu Solana (SOL) is currently trending on Twitter as countless users are either ataskaitų on the hack as it unfolds, or are reporting to have lost funds themselves, warning anyone with Solana-based hot wallets such as Phantom and Slope wallets to move their funds into cold wallets.
Blockchain investigator PeckShield on August 2 said the widespread hack is likely due to a “supply chain issue” which has been exploited to steal user private keys behind affected wallets. It said the estimated loss so far is around $8 million.
#PeckShieldAlert Plačiai paplitęs įsilaužimas į „Solana“ pinigines greičiausiai atsirado dėl tiekimo grandinės problemos, naudojamos pavogti / atskleisti vartotojų privačius raktus, esančius už paveiktų piniginių. Apskaičiuota, kad iki šiol nuostoliai yra 8 mln. USD, neįskaitant vieno nelikvidaus „shitcoin“ (tik 30 sulaikytų ir galbūt neteisingai įvertinta 570 mln. USD) pic.twitter.com/aTGNsTc6d8
– „PeckShieldAlert“ (@PeckShieldAlert) Rugpjūtis 3, 2022
Solana-based wallets providers including Phantom and Slope, and non-fungible token (NFT) marketplace Magiškasis Edenas are among those that have commented on the issue, with wallet provider Phantom noting that it is working with other teams to get to the bottom of the issue, although it says it does not “believe this is a Phantom-specific issue” at this stage.
Glaudžiai bendradarbiaujame su kitomis komandomis, kad pašalintume Solanos ekosistemos pažeidžiamumą, apie kurį pranešta. Šiuo metu komanda nemano, kad tai yra specifinė „Phantom“ problema.
Kai tik surinksime daugiau informacijos, paskelbsime atnaujinimą.
- Phantom (@phantom) Rugpjūtis 3, 2022
Magiškasis Edenas patvirtino the reports earlier in the day by stating that “seems to be a widespread SOL exploit at play that’s draining wallets throughout the ecosystem” as it called on users to revoke permissions for any suspicious links in their Phantom wallets.
Slope said it is currently working with Solana Labs and other Solana-based protocols to tiksliai nurodykite the issue and rectify it, though there were “no major breakthroughs yet.”
Still war-rooming through it. No major breakthroughs yet. Will follow up as soon as possible with any major conclusions and/or recommended practices.
– nuolydis (@slope_finance) Rugpjūtis 3, 2022
Twitter user @nftpeasant said as much as $6 million worth of funds were siphoned from Phantom wallets during a 10-minute period on August 2. In one instance it appears a Phantom wallet user had $500,000 worth of USDC drained from their account.
???!!! https://t.co/sBDgxqGyaw
- Matthew Graham (@mattysino) Rugpjūtis 2, 2022
Popular scam detective and self-described “on-chain sleuth” @zachxbt also did some digging and revealed to their 274,800 followers that the hackers initially funded the primary wallet associated with this attack via Binance seven months ago.
Susiję: Solanos pagrindu pagaminta stabili moneta NIRV nukrito 85% po 3.5 mln. USD išnaudojimo
The transaction history shows that the wallet remained dormant until today before the hackers conducted transactions with four different wallets 10 minutes before the attack started.
Prieš 7 mėnesius per Binance finansuota sukčių piniginėhttps://t.co/5gQbObcsg4 https://t.co/sco5SPBrne pic.twitter.com/AL6Hm4F3R3
– ZachXBT (@zachxbt) Rugpjūtis 3, 2022
There have also been different reports on how many wallets have been affected and the extent of the damage so far.
Crypto tracking and compliance platform Mist Track stated via Twitter that as many as 8,000 wallets have been hacked, with $580 million sent to four addresses, however, commentators on the post are skeptical about the number.
Meanwhile, Ava Labs CEO and founder Emin Gun Sirer stated that the number was at 7,000 plus wallets, a number which is rising at around 20 per minute. He said he believes that as the transactions appear to be signed properly, “it is likely that the attacker has acquired access to private keys.”
Šiuo metu vyksta ataka, nukreipta į Solanos ekosistemą. Paveikta daugiau nei 7000 piniginių ir didėja 20/min. Kadangi dar labai anksti ir ataka tebevyksta, yra daug dezinformacijos ir spėliojimų. Taigi čia yra keletas minčių ir paaiškinimų.
- Eminas Günas Sireris (@ el33th4xor) Rugpjūtis 3, 2022
Cointelegraph has reached out to Phantom for comment on the matter and will update the story if the firm responds.
Source: https://cointelegraph.com/news/ongoing-solana-based-wallet-hack-has-already-seen-millions-drained