Multimillion Dollar Solana Hack Compromises More Than 9K Wallets

More than $4 million in funds were drained from Slope wallets and Phantom wallets linked to Slope in the recent attacks.

More Than $4 Million Lost

A coordinated attack on Solana wallets on Aug. 2 resulted in the loss of funds totaling over $4 million, affecting 9,214 wallets.

Reports from Slope wallet and Phantom wallet indicate that the exploit behind the losses involved the theft of tokens from users of Slope wallets and of Phantom wallets tied to Slope. Further, blockchain audit protocol Zellic rejected any link between the hack and core Solana network issues.

What Really Happened?

Tristan, a developer at Zeta Protocol on Solana, documented most of the incidents on Twitter as follows:

In the initial phase, hundreds of thousands of dollars were lost every minute. (The hackers converted all the assets into USD).

Another major outflow of $1 million-$2 million occurred at 23:19 UTC, just as things were beginning to stabilize.

A large outflow in $SOL and $USDC mostly affected thousands of wallets.

After the first hour, the illicit activities dropped, but smaller $SOL and altcoin transfers continued for many hours.

As Tristan pointed out, and as ZachXBT later confirmed, all the funds went to four addresses, all of which were funded from the same wallet.

Here are the hacker’s wallet addresses from Solscan: account 1, account 2, account 3, and account 4.

Looking for Reasons?

Slope's developers said in an official statement that “a cohort” of wallets had been compromised, but they did not confirm whether private key storage practices were involved.

However, Zellic explained that wallets could leak private keys to Sentry. Sentry is an event logging platform used for reporting errors in apps. It logs the details and environment whenever an event occurs in the app.

“However, Slope has been using Sentry for only one week now. **Hypothetically**, an attacker *with access to Sentry* could go through event logs and steal the thousands of mnemonics leaked in the past week. Then drain thousands of wallets,” Zellic said in the Twitter thread.
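The leak path Zellic describes is closed when secrets are stripped from an event before it leaves the device. The following is an added example, not code from Slope, Zellic or Sentry: a scrubber meant to be called from the error reporter's pre-send hook (Sentry's JavaScript SDK exposes one as `beforeSend`). The field names and the sample event are constructed, and the phrase detection is a heuristic based on BIP-39 English words being 3 to 8 lowercase letters.

```javascript
// Added example: redact wallet secrets from a telemetry event before upload.
// Heuristic: a BIP-39 phrase is 12-24 words, each 3-8 lowercase letters.
const MNEMONIC_RE = /\b[a-z]{3,8}(?:\s+[a-z]{3,8}){11,23}\b/g;
// Hypothetical field names a wallet app might use for key material.
const SENSITIVE_KEY_RE = /mnemonic|seed|secret|private[_-]?key/i;
const REDACTED = "[REDACTED]";

// Replace any mnemonic-shaped run of words inside free text.
function scrubString(s) {
  return s.replace(MNEMONIC_RE, REDACTED);
}

// Walk the whole event: messages, extras, breadcrumbs, nested contexts.
function scrubEvent(value, keyName = "") {
  // Anything stored under a sensitive key is dropped wholesale (fail closed).
  if (SENSITIVE_KEY_RE.test(keyName)) return REDACTED;
  if (typeof value === "string") return scrubString(value);
  if (Array.isArray(value)) return value.map((v) => scrubEvent(v));
  if (value !== null && typeof value === "object") {
    const out = {};
    for (const [k, v] of Object.entries(value)) out[k] = scrubEvent(v, k);
    return out;
  }
  return value; // numbers, booleans, null pass through unchanged
}

// Constructed sample event. The phrase is the public BIP-39 test vector,
// not a real wallet.
const sampleEvent = {
  message:
    "wallet import failed for phrase: abandon abandon abandon abandon " +
    "abandon abandon abandon abandon abandon abandon abandon about",
  extra: { mnemonic: "(constructed value)", step: "import", attempts: 2 },
  breadcrumbs: [{ category: "ui", message: "tapped Import Wallet" }],
};

console.log(JSON.stringify(scrubEvent(sampleEvent), null, 2));
```

Scrubbing at send time is a backstop: the pattern will also redact some ordinary lowercase text, and it cannot catch secrets in encodings it does not know, so key material should not reach loggable fields in the first place.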

Further, a recent hack of crypto firm Nomad resulted in a loss of about $200 million. The field of decentralized finance is still in its infancy, and hacks like these indicate there is much work to be done to secure users' funds.

Source: web3wire
