Solana Blockchain is facing fresh attacks targeting Phantom and Slope wallets

After a series of security breaches and exploits in recent months negatively affected investor sentiment, Solana, a tier-1 blockchain, is experiencing yet another attack. The attack has triggered a decline in the value of the platform's SOL token as well as in investor confidence.

At the time of writing, #SOL is trending on Twitter due to an exploit that began on Tuesday, August 2, 2022, and has so far drained as much as $8 million from thousands of Solana-based wallets such as Slope and Phantom.

According to the latest report from blockchain auditing firm OtterSec, “the attack is still ongoing and more than 5,000 Solana-based wallets have been compromised so far.” The numbers are increasing as more users continue to report loss of funds.

The exact cause of the attack remains unclear

While the exact cause remains unclear, preliminary reports indicate that the attacker (or group of attackers) is stealing both SOL and SPL (USDC) tokens, primarily targeting Phantom and Slope wallets that have been inactive for more than six months.

The hacker somehow gained the ability to initiate and approve transactions on behalf of users (i.e. sign the transactions), suggesting that a third-party service may have been compromised due to an “upstream dependency supply chain attack.”

The latest report from blockchain investigator PeckShield claims that hackers are exploiting a “supply chain issue” to steal users’ private keys from Solana wallets. The total number of compromised wallets has crossed 8,000 and is increasing at about 20 per minute. Since there is no clear answer as to what caused this, the market is awash with speculation.

Data compiled by blockchain tracking platform MistTrack highlights four wallet addresses that may be linked to hackers. These wallets currently hold around $5 million in SOL, USDC, USDT, BTC (BTC-USD), and ETH (ETH-USD). Meanwhile, the Solana team has confirmed the breach, revealing that approximately 7,767 wallets have already been compromised.

The Solana team has also clarified that this breach affects the wallets’ mobile apps and web extensions. Experts encourage users to transfer their assets from Phantom and Slope wallets to cold wallets or centralized exchange wallets in the meantime.

The attack is still unfolding and initial reports indicate that private keys have been compromised. This means that holders of compromised wallets have limited means of preventing hackers from making off with their money. As a result of the widespread wallet hack, many investors have expressed doubts about Solana’s future. In the two hours following the first reports of the hack, Solana’s price dropped by 8%.

Per Vidor Gencel, CEO and co-founder of Solflare, “All we know is that based on current incident reports, there has been almost no mention of Solflare, and that Solflare users are safe unless they import the seed phrase into other wallets – then they may be exposed. The entire ecosystem is looking for answers and we are monitoring the situation closely and will provide updates as soon as possible.”

No significant progress has been made so far

The Slope and Phantom wallet teams have also confirmed that they are working with Solana Labs and other Solana-powered protocols to get to the root of the problem. However, no significant progress has been recorded so far. Solana’s security has faced significant scrutiny, especially given the recent string of hacks that have drained billions of dollars from the ecosystem.

Regarding the security issues facing the promising layer-1 blockchain, Tezos co-founder Arthur Breitman notes, “Security issues that could affect an L1, from least to most serious: (1). Block censorship; (2). Consensus security flaws; (3). Deflation bug; (4). Inflation bug; (5). Widespread private keys are compromised. The problem with the last one is that there are basically no mitigations.”

He explains, “Widespread compromise of private keys is also usually not related to failures in the L1 node, but in the clients (e.g. wallet). Forking, stopping the chain, or whatever doesn’t help because the only way users are authenticated is through knowledge of their private key. Once it’s out, it’s out.”

When it comes to potential solutions, Arthur emphasizes: “The only realistic mitigation would be to shift and have centralized keys for redelivery of services via thorough identity checks to deter false claims. Make it pragmatic for the biggest holders and save the smaller ones via inflation.”
