Hackers have once again targeted a number of Solana’s (SOL) most popular wallets, continuing a disturbing trend of security vulnerabilities for the blockchain.
The reported attacks began on August 1 and, according to the Solana-maintained block explorer SolScan, have so far drained around $8 million from Phantom, TrustWallet, Solflare, and Slope wallets.
SolScan data indicates that the attackers stole SOL and other tokens, including stablecoins USDC and USDT. USDC accounts for almost 45% of the total value stolen.
Solana industry companies respond to the hack
- For over a day, TrustWallet barely acknowledged that the hack happened. While hackers siphoned hundreds of thousands of dollars out of its customers’ wallets, the Binance-owned wallet maker shared a security tip as part of a giveaway promotion.
- Solflare denied that it knew about any issues with its wallet. It did warn not to migrate mnemonic phrases elsewhere.
- Slope said it was working on the issue. Finally, the day after the hack started, it posted an update.
- Phantom said that it was coordinating with other teams to investigate what happened.
Binance CEO Chengpeng Zhao (CZ) weighed in on the exploit by suggesting that connecting wallets to apps could have caused the vulnerability and he advised sending funds to a cold wallet or centralized exchange. He suggested Binance.
Magic Eden, Solana’s most popular NFT marketplace, suggested revoking permissions for any unnecessary or suspicious apps in users’ wallet settings. It soon escalated that advice, urging all users to migrate all assets to a brand new cold wallet.
Meanwhile, hardware manufacturer Ledger confirmed that none of its wallets appeared to have been affected, even though some were connected to Phantom. It said the private keys generated by Ledger hardware wallets always remain offline in a thread. The company also warned users never to import seed phrases or private keys into a hardware wallet because they’re less secure than keys generated by its devices.
Solana points fingers
Solana denied the problem existed on its blockchain. Instead, it blamed Slope, one of the software wallet makers. It said the exploit did not affect hardware wallets, despite the reality that most Solana users opted for software wallets, and warned users not to reuse compromised wallets or their seed phrases.
Solana’s most powerful sponsor, Sam Bankman-Fried, advised users to stop complaining about losing a few million dollars which is not, in his opinion, a big deal relative to the Nomad hack. Echoing Solana’s claim, he blamed the issue on vulnerabilities in third-party wallets.
Solana says it’s working with several security firms to determine what happened and asked affected users to fill out a form that included information on their compromised addresses.
Repeating pattern of Solana breaches
Solana has a long history of security vulnerabilities. Previous issues included its network repeatedly overloading and crashing, adding up to Solana frequently being offline for hours.
The blockchain saw its first significant outage on September 14, 2021. Engineers had to manually restart the network on December 4, 2021. Outages continued with some regularity and currently number in the dozens. Significant outages occurred at least six times during January 2022 alone.
For example, on January 6, 2022, Solana acknowledged that network performance degraded due to several “high compute” transactions. Similar transactions caused Solana to freeze again a couple of months later.
The exploits of Solana live wallets are the latest in a string of incidents that shook confidence in Solana. After each failure of the network or an app built on it, observers have questioned how it survived. Critics accuse Solana developers of putting speed ahead of security.