In the midst of decentralized blockchain Solana's hackathon event, the platform has fallen victim to a major hack that drained about 8,000 internet-connected hot wallets. The hack impacted third-party wallets including Slope and Phantom, which are a part of the Solana ecosystem. Solana doesn't have its own native wallet.
Offline cold wallets have reportedly been spared, but that does nothing to calm the nerves of the thousands of impacted Solana users whose crypto assets are currently missing in action.
About 8,000 hot wallets were hit on the Solana ecosystem and damages are estimated in the millions.
An individual hacker or cybercriminal group has stolen Solana’s native token, SOL, as well as some compatible crypto assets like stablecoin USDC. Offline cold wallets have reportedly been spared, but estimates of the number of online hot wallets impacted is rising. Solana first reported 7,767 wallets were targeted, but later estimates jumped to 8,000. That number may rise still.
Altogether, it’s difficult to assess exactly much value the stolen crypto assets hold. As of the morning of Wednesday, Aug. 3, estimates are sitting around $8 million in stolen assets.
Solana wrote in a tweet, “This [hack] does not appear to be a bug with Solana core code, but in software used by several software wallets popular among users of the network.”
Third-party wallets Slope and Phantom got targeted.
Popular third-party wallets Slope and Phantom have been hit by the hack. Slope and Phantom are part of the diverse Solana ecosystem.
According to Solana co-founder Anatoly Yakovenko, the hack “seems like an iOS supply chain attack. Multiple plausible wallets that only received SOL and had no interactions beyond receiving have been affected.”
Slope has stated it's investigating and will update the community once it has answers. Phantom hasn't spoken about the matter yet.
The crypto winter isn't discouraging hackers.
In the height of crypto success last year, decentralized hacks and fraudulent rug pulls were rampant. Even as values are down across the board, hackers are still targeting crypto asset owners. Just one day prior to the Solana hack, users of the Ronin Network (an Axie Infinity crypto bridge) fell victim to a $190 million hack. This wasn't Ronin’s first rodeo — the network lost $625 million in an earlier hack — but it was the first time a crypto hacker used a fake LinkedIn job post to get the job done. Axie Infinity said that “advanced spear-phishing attacks” were to blame.
It’s easy to blame the hackers, but the fact is that gaps exist in the system, which allows these hacks to proceed. As crypto endures a regulatory gray area, individual users and their invested assets are at stake.
So, how does one protect themselves in an unpredictable time? You should store crypto assets that you don’t plan on selling or using in a cold wallet, which is offline (versus a hot wallet, which is connected to the web). You are much less likely to experience a hack by doing this, though you still aren't immune to the risk.