Do we need more Scalability, Speed rather than Security as the Solana Ecosystem is under attack again?
In a tweet earlier today, Magic Eden confirmed that there is an exploit draining wallets on the Solana ecosystem. At the time of writing, data from Kopa shows that over 7,700 addresses have been affected, as pundits estimate that at least $5 million in crypto assets have been lost.
???Atrodo, kad yra plačiai paplitęs SOL išnaudojimas, kuris nusausina pinigines visoje ekosistemoje
Štai ką galite padaryti dabar, kad geriausiai apsisaugotumėte
1. Eikite į >Nustatymai savo @fantomas piniginė
2. >Patikimos programos
3. >Atšaukti bet kokių įtartinų nuorodų leidimus?
– Stebuklingas Etanas? (@MagicEden) Rugpjūtis 3, 2022
While the vulnerability causing the exploit remains unknown, Binance’s Changpeng Zhao and other pundits have confirmed that the exploit does not seem to be affecting cold wallets or central exchanges. Users have been advised that disabling permissions granted to suspicious links in their wallets may not be enough and have been instead encouraged to move their assets to cold wallets or central exchanges.
Solanoje įvyko aktyvus saugumo incidentas. Daugelyje (7000 ir daugiau) piniginių išeikvota SOL ir USDC. Dar nežinau pagrindinės priežasties. Galbūt programoms suteikti leidimai. Norėdami ištaisyti, nusiųskite lėšas į šaltą piniginę arba CEX @Binansas. https://t.co/nQrBXAgCbf
- CZ? Binance (@cz_binance) Rugpjūtis 3, 2022
The information available shows that the attackers have somehow managed to gain access to the seed phrases of users. At the time of writing, the most popular theory is one suggested by Ava Labs CEO Emin Gün Sirer. According to Sirer, the exploit is likely a supply chain attack, as he suggests a JavaScript library may have been compromised.
Vienas iš galimų būdų yra „tiekimo grandinės ataka“, kai įsilaužiama į JS biblioteką ir ji išfiltruoja (pavagia) vartotojų privačius raktus. Panašu, kad paveiktos piniginės buvo sukurtos per pastaruosius ~9 mėnesius, tačiau yra pranešimų, kad nukentėjo ir naujai sukurtos piniginės.
– Eminas Günas Sireris? (@el33th4xor) Rugpjūtis 3, 2022
Meanwhile, Adam Cochran reports that most victims appear to be IOS users, with most of their wallet interactions on mobile. Phantom and Slope wallets’ users also appear to be the most affected.
1/3
Kalbėjomės su vartotoju, į kurį buvo įsilaužta ir Solana, ir Ethereum:
- Naudota iOS
– Piniginės buvo „TrustWallet“ ir „Slope“.
-ERC20’s were stolen to: 0xc611952D81E4ECbd17c8f963123DeC5D7BCe1c27
-ETH pusė buvo TrustWallet
-Tuo pačiu metu buvo paimtas ir turtas- Adomas Cochranas (adamscochran.eth) (@adamscochran) Rugpjūtis 3, 2022
While there have been reports of a similar issue on Ethereum, these are very few, and it only appears to be the case when seed phrases are shared with Slope.
On-chain sleuth CIA Officer reports that the amount of stolen SOL per minute appears to be slowing down from 1K SOL per minute to less than 1 SOL per minute. Notably, not only SOL has been drained from the affected wallets but also stablecoins like USDC and USDT and assets like Bitcoin and Ethereum.
amount of sol stolen per minute going down. startet at ~1kSOL/minute, now at <1 SOL/minute: https://t.co/D90uCXh1Hl
- CŽV pareigūnas (@officer_cia) Rugpjūtis 3, 2022
Notably, a network validator has launched a DDOS attack on the network in an attempt to slow down the attacker.
according to solana validator discord, Jito is responsible for the network ddosing to slow down attacker and bringing down solana rpc in the process
- CŽV pareigūnas (@officer_cia) Rugpjūtis 3, 2022
Solana Status reports that engineers are currently working together to get to the root cause of the exploit as the community awaits further updates.
Engineers are currently working with multiple security researchers and ecosystem teams to identify the root cause of the exploit, which is unknown at this time.
- Solana būsena (@SolanaStatus) Rugpjūtis 3, 2022
Solana, in recent years, has grown to become one of the most popular altcoins, sometimes even dubbed an “Ethereum killer.” However, in recent months, the network has been plagued by several outages and slowdowns. Consequently, it has attracted pasityčiojimas from the likes of Cardano chief Charles Hoskinson.
- Skelbimas -
Source: https://thecryptobasic.com/2022/08/03/scalability-speed-or-security-nearly-8000-wallets-drained-in-solana-ecosystem-exploit/?utm_source=rss&utm_medium=rss&utm_campaign=scalability-speed-or-security-nearly-8000-wallets-drained-in-solana-ecosystem-exploit