Excellent John K. Kumi is a cryptocurrency and fintech enthusiast, operations manager of a fintech platform, writer, researcher, and a huge fan of creative writing. With an Economics background, he finds much interest in the invisible factors that causes price change in anything measured with valuation. He has been in the crypto/blockchain space in the last five (5) years. He mostly watches football highlights and movies in his free time.
Blockchain auditors OtterSec, have hinted that the attack is ongoing and more than 8,000 wallets have been compromised so far.
The Solana ecosystem has become the latest target for crypto exploit as users claim funds have disappeared from their wallets without their knowledge. This came to notice after several tweets from victims raised an alarm. One member of the Solana community identified as @gostak_gm shared his experience:
“I was getting my sunglasses refit when I got a push notification from my mobile wallet that I had sent all the SOL from my wallet.”
According to him, the SOL was in his main hot wallet, so he had it connected to different mobile and web extension wallet providers as well as dapps.
Reports disclose that major internet-connected hot wallets including Phantom, Slope, and TrustWallets were the most affected. Blockchain auditors OtterSec, have hinted that the attack is ongoing and more than 8,000 wallets have been compromised so far. An investigation of this Solana crypto exploit has led to the discovery that several addresses linked to the attack have so far made over $5 million worth of SOL, SPL, and other Solana-based tokens.
The cause of this attack is so far unknown. However, it appears that the attacker can initiate and approve transactions on behalf of the user. In this case, a third-party service may have been compromised in a supply-chain attack. At the beginning of these reports, users suspected that the threat actor might have compromised transactions on Magic Eden’s Solana-based non-fungible token (NFT) marketplace. Magic Eden has in response asked users to move all their assets into a cold wallet. They also asked users to revoke all permissions from their wallets.
A representative of Phantom said to reporters that they are evaluating the situation:
“We are evaluating the incident impacting Solana wallets and are working closely with other teams in the ecosystem to get to the bottom of this. We will issue an update once we gather more information. The team doesn’t believe this is a Phantom-specific issue at this time.”
The recent incident has reignited the long-standing debate concerning hot wallets and cold wallets. It is important to note that cold wallets are USB drives plugged into a computer to sign a transaction. It is said to be more secure than hot wallets which are always connected to the internet to ensure that users send, receive, and store their assets conveniently.