Skip to main content

Solana ecosystem hit by hack draining millions in crypto from 8,000 hot wallets

Solana ecosystem hit by hack draining millions in crypto from 8,000 hot wallets


The attack is affecting internet-connected wallets on iOS and Android

Share this story

Illustration by Alex Castro / The Verge

Hackers have targeted the Solana ecosystem, draining crypto funds from thousands of “hot” wallets connected to the internet. Such attacks are common among blockchain platforms, but the news is still significant given the praise Solana has attracted as one of the faster and cheaper ecosystems for trading digital assets.

It seems hackers have been able to steal both Solana’s own cryptocurrency (SOL) and some compatible with the Solana blockchain, like the stablecoin USD Coin (USDC). As the attack is ongoing, the value of the assets stolen is not clear, but reports from independent analysts and security firms like PeckShield estimate the losses are worth as much as $8 million.

Solana has struggled with security incidents in the past, including bot spam and reported Distributed Denial of Service, or DDoS, attacks. Meanwhile, it’s also taking deposits for the Saga phone that it says will launch next year with support for the network’s decentralized apps built-in.

Solana’s official Twitter account now says that approximately 8,000 (up from 7,767 earlier) wallets appear to have been affected by the attack, including those operated by third parties Phantom and Slope. The company did not explain the cause of the attack but noted that there was no evidence that hardware wallets (those not connected to the internet) had been affected.

In a tweet, the company’s status update says, “This does not appear to be a bug with Solana core code, but in software used by several software wallets popular among users of the network.”

On Twitter, however, Solana’s co-founder Anatoly Yakovenko went into a little more detail, suggesting the hack seemed like a supply chain attack targeting both iOS and Android applications (meaning that the attackers exploited some weakness in connected apps or browser extensions). As Decrypt reports, the transactions are signed with users’ private keys, suggesting the attackers have somehow compromised the seed phrase that’s used to secure their wallets.

Update August 2nd, 9:35AM ET: Added latest updates from Solana.