After users reported that funds have been drained from internet- connected "hot" wallet, Solana has become the target of a new hack.
Around $8 million has been drained from the Solana network by an actor.
The attack that only affected hot wallets that are always connected to the internet is not limited to Solana. The investor reported that hisUSDC balance was taken.
Phantom, Slope and TrustWallet have been affected by the attack. The company says it has not been affected by the exploit. Solana warned that drained wallet should be treated as abandoned and compromised.
Hours after the hack, Phantom said it didn't think it was a Phantom-specific issue.
The wallet developer said that it has reason to believe that the reported exploits are due to the complicated relationship between Slope Finance and the wallet developer. We are trying to determine if there were other vulnerabilities that contributed to this incident.
Slope said that it is working to sort out the issue as quickly as possible and that it is working to fix the problem.
Industry leaders, including Emin Gn Sirer, founder of another popular blockchain Avalanche, pointed out that the vulnerability could be a supply chain attack and that the transactions were properly signed.
Chris Kraeuter, Solana's spokesman, refused to answer our questions, but referred us to Solana's Status Twitter account, which stated that the issue does not appear to be a bug in Solana's software, but in software used by several software wallet popular among The root cause of the exploit is unknown at this time, but the company's engineers are working with multiple security researchers to identify it.
Just hours before the Solana attack, malicious actors stole almost $200 million from the cross-chain messaging protocol Nomad. A recent update to a smart contract made it easy for users to spoof transactions in the free-for-all attack.
Comments from Solana and Phantom have been updated.