Blockchain platforms, crypto-wallets, and cryptocurrencies are already very common. They have become part of everyday web movements and the vocabulary of many users. However, on rare occasions, when cybercriminals attack the systems of these platforms, users can lose a lot of money. This is the case today; Solana suffered a hack a few hours ago, and there are already losses of millions of USD. Read the details.
Solana suffers a hack in her Slope and Phantom wallets
Solana is a general access blockchain platform with smart contract functionality. They have their own cryptocurrency: Sol, and their system is based on the PoS consensus algorithm. They are now at the center of the news in the crypto world due to the fact that many users, especially of their Slope and Phantom wallets, began to report that their funds had disappeared.
In a few hours, Solana reported that her system had been hacked, which affected Slope and Phantom in their versions for Android and web extensions, as can be seen on the following Twitter thread:
Engineers from multiple ecosystems, with the help of several security firms, are investigating drained wallets on Solana. There is no evidence hardware wallets are impacted.
This thread will be updated as new information becomes available.
— Solana Status (@SolanaStatus) August 3, 2022
Hardware wallets were not affected; in fact, many crypto experts praise the security of these wallets. Therefore, Solana recommends that unaffected users transfer their funds to them, and those without funds leave the affected wallets as they are not considered safe.
Another recommendation is not to use the same seed phrase of affected wallets in a new one or in the hardware ones. In addition, review all security measures and reinforce them if necessary. Also, to have access to more details, they invite all those affected to fill out a survey where they can give all the necessary information.
Among the theories that experts in blockchain are handling, there’s an attack on the supply chain where a JS directory is hacked by leaking the private keys of the users. The other theory is a zero-day attack due to a bug in a browser, but they see it as impossible because the affected extensions are from multiple browsers.
As Emin Gün Sirer, CEO and founder of AvaLabs points out, the first theory is the most realistic since “it is likely that the attacker has gained access to the private keys” because all the transactions were signed correctly. He ends by saying that if so, it would be very difficult to solve the attack and recover the funds since it is not known who is the legitimate owner of the wallets.
Keep in touch with our blog to read the latest news and innovations in the cybersecurity world.
Facebook: Eagle Tech Corp
LinkedIn: Eagle Tech
YouTube: Eagle Tech Corp