The Solana wallet hack: What we know so far

Another day, another big hack in the crypto world. On Tuesday, Solana owners reported that their funds were vanishing—and by evening it became clear a hacker was draining millions from online wallets.

The cause of the hack is still unclear and so is the extent of the damage, though security firms estimate that the hacker has made off with at least $5.2 million worth of assets—including Solana’s native cryptocurrency SOL, a small number of non-fungible tokens (NFTs), and over 300 Solana-based tokens.

“Engineers … continue to investigate the root cause of an incident that resulted in approximately 8,000 wallets being drained,” Austin Federa, head of communications at the Solana Foundation, told Fortune. “This does not appear to be a bug with Solana core code, but in software used by several wallets popular among users of the network.”

Here’s a plain English summary of what we know so far:

Who got hacked?

Over 8,000 wallets were targeted in the attack. Most were Solana “hot” wallets—those connected to the Internet—notably, Phantom, Slope and TrustWallet. 

How did this happen?

It is still uncertain how this happened, but it appears the attacker was able to approve transactions on behalf of victims, letting them transfer funds without the owners’ consent. 

Anatoly Yakovenko, co-founder of Solana, thinks the exploit is a result of a “supply chain attack,” a type of cyberattack where an attacker can access a victim’s account by targeting a third-party vendor.

In a blog post on Wednesday morning, security firm Elliptic said, “The root cause is still not clear, but it appears to be due to a flaw in certain wallet software – rather than in the Solana blockchain itself.”

Does the hack only affect Solana users?

As previously mentioned, the extent and precise nature of the attack are still not clear, but for now it appears to be affecting only those who use Solana products. However, a TrustWallet and Slope wallet user claimed they lost USDC on Solana and Ethereum as well, so only time will tell the true impact of the exploit.

When will we know more?

Updates will be posted to https://twitter.com/SolanaStatus as they become available, the Solana Foundation’s Federa told Fortune.

Additionally, Elliptic will continue to update its blog with developments as the firm investigates.

What should crypto owners do to protect themselves? 

Though there are still risks, “cold” wallets, or hardware wallets stored offline, are widely considered to be the safest option for cryptocurrency investors trying to protect their funds.

So-called hot wallets—which appear to have been the target of this latest exploit—are typically more susceptible to attack, as they’re connected to the internet rather than stored physically offline. 

Experts advise moving funds from a hot wallet to a hardware wallet as soon as possible.

As the “Solana Status” account tweeted on Wednesday, “There’s no evidence hardware wallets have been impacted – and users are strongly encouraged to use hardware wallets. Do not reuse your seed phrase on a hardware wallet—create a new seed phrase. Wallets drained should be treated as compromised, and abandoned.”
