HACKERS have stolen over $5 million in cryptocurrency assets from the Solana ecosystem after users reported their funds were drained without their knowledge.
Blockchain auditors OtterSec said the attack is still ongoing, as the attackers exploited a vulnerability in its system, which has seen over 8,000 wallets being compromised.
Thousands of wallets were affected in the latest hit to the cryptocurrency market after bridge protocol Nomad was attacked at the start of the week.
Different Solana addresses were linked to the attack, with those wallets amassing at least $5 million worth of SOL, SPL and other Solana-based tokens from unsuspecting users.
Co-founder of Solana Labs, Anatoly Yakovenko, in a tweet, acknowledged the breach.
looking for folks who were effected by the attack, but only received sol or tokens into the wallet and never transacted more than once, never reused their mnemonic key anywhere else.
— toly 🇺🇸 (@aeyakovenko) August 3, 2022
“The root cause is still not clear,” Elliptic’s co-founder Tom Robinson said. “It appears to be due to a flaw in certain wallet software, rather than in the Solana blockchain itself.”
The attack sent Solana’s SOL token down as much as 7.3 per cent to $38.40 in early trading on Wednesday, its lowest in a week. Bitcoin was up 1.5 per cent at $23,367.
Crypto projects have proved to be a funnel for hackers, and the industry has suffered numerous attacks this year.
Solana’s hack comes days after Nomad — a bridge protocol known for transferring crypto tokens across different blockchains, lost close to $200 million in security exploits on Monday.
More than $1 billion has already been stolen from bridges in 2022, according to a June report by Elliptic.
“Much remains unknown at this point, except that hardware wallets are not impacted,” Solana spokesman Austin Federa said in a statement.
While there’s speculation the incident was a supply-chain attack, the nature of the exploit remains unclear.
Supply-chain hacks occur when an outside party or provider with access to the victim’s systems and data is infiltrated.
The real question is, why were they doing this? Did they have criminal intent? That seems unlikely. Were they compensating for lack of functionality in an sdk by shipping the keys to a server and performing some crypto operation there? Something else?
— Emin Gün Sirer🔺 (@el33th4xor) August 3, 2022
Solana, which has suffered network outages in the past, is a rival to the Ethereum blockchain.
As transaction prices on Ethereum rose last year, chains like Solana, which tout their low transaction fees, emerged as alternatives for minting non-fungible tokens.
Solana’s code is also popular with clients looking to build decentralized-finance applications.
Elliptic’s Robinson said that some NFTs were also stolen in the hack – but the full impact of the exploit is still unclear.
It is unclear whether the vulnerability is limited only to the Solana blockchain.
A TrustWallet and Slope wallet user reported losing USDC on Solana and Ethereum. Solana is the fifth-largest blockchain by total value locked (TVL), according to DefiLlama.
Its quick transactions and low fees have grown in popularity over the past year.
Amos Abba is a journalist with the International Center for Investigative Reporting, ICIR, who believes that courageous investigative reporting is the key to social justice and accountability in the society.