Skip to main content

Solana ecosystem hit by hack draining millions in crypto from 8,000 hot wallets

Solana ecosystem hit by hack draining millions in crypto from 8,000 hot wallets

/

The attack is affecting internet-connected wallets on iOS and Android

Share this story

Illustration by Alex Castro / The Verge

Hackers have targeted the Solana ecosystem, draining crypto funds from thousands of “hot” wallets connected to the internet. Such attacks are common among blockchain platforms, but the news is still significant given the praise Solana has attracted as one of the faster and cheaper ecosystems for trading digital assets.

It seems hackers have been able to steal both Solana’s own cryptocurrency (SOL) and some compatible with the Solana blockchain, like the stablecoin USD Coin (USDC). As the attack is ongoing, the value of the assets stolen is not clear, but reports from independent analysts and security firms like PeckShield estimate the losses are worth as much as $8 million.

Solana has struggled with security incidents in the past, including bot spam and reported Distributed Denial of Service, or DDoS, attacks. Meanwhile, it’s also taking deposits for the Saga phone that it says will launch next year with support for the network’s decentralized apps built-in.

Solana’s official Twitter account now says that approximately 8,000 (up from 7,767 earlier) wallets appear to have been affected by the attack, including those operated by third parties Phantom and Slope. The company did not explain the cause of the attack but noted that there was no evidence that hardware wallets (those not connected to the internet) had been affected.

In a tweet, the company’s status update says, “This does not appear to be a bug with Solana core code, but in software used by several software wallets popular among users of the network.”

On Twitter, however, Solana’s co-founder Anatoly Yakovenko went into a little more detail, suggesting the hack seemed like a supply chain attack targeting both iOS and Android applications (meaning that the attackers exploited some weakness in connected apps or browser extensions). As Decrypt reports, the transactions are signed with users’ private keys, suggesting the attackers have somehow compromised the seed phrase that’s used to secure their wallets.

Update August 2nd, 9:35AM ET: Added latest updates from Solana.

Today’s Storystream

Feed refreshed 6 minutes ago The tablet didn’t call that play by itself

R
The Verge
Richard Lawler6 minutes ago
Green light.

Good morning to everyone, except for the intern or whoever prevented us from seeing how Microsoft’s Surface held up to yet another violent NFL incident.

Today’s big event is the crash of a NASA spaceship this evening — on purpose. Mary Beth Griggs can explain.


D
David Pierce12 minutes ago
Thousands and thousands of reasons people love Android.

“Android fans, what are the primary reasons why you will never ever switch to an iPhone?” That question led to almost 30,000 comments so far, and was for a while the most popular thing on Reddit. It’s a totally fascinating peek into the platform wars, and I’ve spent way too much time reading through it. I also laughed hard at “I can turn my text bubbles to any color I like.”


T
Thomas RickerTwo hours ago
The Simpsons pays tribute to Chrome’s dino game.

Season 34 of The Simpsons kicked off on Sunday night with an opening credits “couch gag” based on the offline dino game from Google’s Chrome browser. Cactus, cactus, couch, d’oh! Perfect.


T
Youtube
Thomas Ricker7:29 AM UTC
Table breaks before Apple Watch Ultra’s sapphire glass.

”It’s the most rugged and capable Apple Watch yet,” said Apple at the launch of the Apple Watch Ultra (read The Verge review here). YouTuber TechRax put that claim to the test with a series of drop, scratch, and hammer tests. Takeaways: the titanium case will scratch with enough abuse, and that flat sapphire front crystal is tough — tougher than the table which cracks before the Ultra fails — but not indestructible.


Welcome to the new Verge

Revolutionizing the media with blog posts

Nilay PatelSep 13
E
Twitter
Emma RothSep 25
Rihanna’s headlining the Super Bowl Halftime Show.

Apple Music’s set to sponsor the Halftime Show next February, and it’s starting out strong with a performance from Rihanna. I honestly can’t remember which company sponsored the Halftime Show before Pepsi, so it’ll be nice to see how Apple handles the show for Super Bowl LVII.


E
Twitter
Emma RothSep 25
Starlink is growing.

The Elon Musk-owned satellite internet service, which covers all seven continents including Antarctica, has now made over 1 million user terminals. Musk has big plans for the service, which he hopes to expand to cruise ships, planes, and even school buses.

Musk recently said he’ll sidestep sanctions to activate the service in Iran, where the government put restrictions on communications due to mass protests. He followed through on his promise to bring Starlink to Ukraine at the start of Russia’s invasion, so we’ll have to wait and see if he manages to bring the service to Iran as well.


E
External Link
Emma RothSep 25
We might not get another Apple event this year.

While Apple was initially expected to hold an event to launch its rumored M2-equipped Macs and iPads in October, Bloomberg’s Mark Gurman predicts Apple will announce its new devices in a series of press releases, website updates, and media briefings instead.

I know that it probably takes a lot of work to put these polished events together, but if Apple does pass on it this year, I will kind of miss vibing to the livestream’s music and seeing all the new products get presented.


E
External Link
Emma RothSep 24
California Governor Gavin Newsom vetoes the state’s “BitLicense” law.

The bill, called the Digital Financial Assets Law, would establish a regulatory framework for companies that transact with cryptocurrency in the state, similar to New York’s BitLicense system. In a statement, Newsom says it’s “premature to lock a licensing structure” and that implementing such a program is a “costly undertaking:”

A more flexible approach is needed to ensure regulatory oversight can keep up with rapidly evolving technology and use cases, and is tailored with the proper tools to address trends and mitigate consumer harm.


A
Youtube
Andrew WebsterSep 24
Look at this Thing.

At its Tudum event today, Netflix showed off a new clip from the Tim Burton series Wednesday, which focused on a very important character: the sentient hand known as Thing. The full series starts streaming on November 23rd.


A
The Verge
Andrew WebsterSep 24
Get ready for some Netflix news.

At 1PM ET today Netflix is streaming its second annual Tudum event, where you can expect to hear news about and see trailers from its biggest franchises, including The Witcher and Bridgerton. I’ll be covering the event live alongside my colleague Charles Pulliam-Moore, and you can also watch along at the link below. There will be lots of expected names during the stream, but I have my fingers crossed for a new season of Hemlock Grove.