Solana, USDC Among Wallets Drained in Unfolding Attack

An unknown attacker has been draining wallets of Solana and USDC, per multiple reports on Twitter, following on the heels of the Nomad Token Bridge hack.

“Over 5,000 Solana wallets have been drained in the past few hours,” reported blockchain audit firm OtterSec. “These transactions are being signed by the actual owners, suggesting some sort of private key compromise.”

Initial reports singled out the Solana browser wallet Phantom and the Solana ecosystem. The news has already prompted an 8% drop in Solana’s value in the two hours following the first reports of the attack, according to CoinMarketCap, which also notes a 45 percent increase in trading volume in the last 24 hours.

“There’s an unknown $SOL exploit currently draining random Phantom wallets,” said crypto investor and analyst Miles Deutscher. “$6m currently stolen. If you have funds on Phantom, make sure to revoke all permissions + move to a hardware wallet.”

There’s an unknown $SOL exploit currently draining random Phantom wallets right now. ⚠️

$6m currently stolen.

If you have funds on Phantom, make sure to revoke all permissions + move to a hardware wallet.

— Miles Deutscher (@milesdeutscher) August 3, 2022

Popular Solana NFT marketplace Magic Eden also took to Twitter to warn of the exploit.

“There seems to be a widespread SOL exploit at play that’s draining wallets throughout the ecosystem,” the account wrote. In the tweet, Magic Eden provided instructions to remove permissions for suspicious links.

🚨🚨🚨There seems to be a widespread SOL exploit at play that’s draining wallets throughout the ecosystem

Here’s what you can do right now to best protect yourself 1. Go to >Settings on your @phantom wallet2. >Trusted Apps3. >Revoke Permissions for any suspicious links

💜

— Magic Ethen 🪄 (@MagicEden) August 3, 2022

Phantom says it is investigating the reported exploits.

“We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem,” Phantom tweeted. “At this time, the team does not believe this is a Phantom-specific issue. As soon as we gather more information, we will issue an update.”

We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem. At this time, the team does not believe this is a Phantom-specific issue.

As soon as we gather more information, we will issue an update.

— Phantom (@phantom) August 3, 2022

But the attack does not appear to be limited to Solana. Another user reported his USDC balance was drained as well.

Just had my USDC drained AMA🙁

— Justin.sol (@JustinBarlow) August 3, 2022

Twitter user Justin”Justin.sol” Barlow posted: “My ERC-20 and SPL USDC held on both @slope_finance and @TrustWallet were drained.”

For reference I haven’t interacted with any contracts at all in ~40 days. My ERC-20 and SPL USDC held on both @slope_finance and @TrustWallet were drained

— Justin.sol (@JustinBarlow) August 3, 2022

Crypto analyst and author @0xfoobar confirmed that “the attacker is stealing both native tokens (SOL) and SPL tokens (USDC)… affecting wallets that have been inactive for less than 6 months.”

Theorizing that it might be an “upstream dependency supply chain attack,” he added that the widespread advice of revoking wallet approvals will probably not help — only transferring to an offline hardware wallet.

“These SOL and SPL transfers are signed by the users themselves, not transferred away by a third party using approvals,” @0xfoobar explains. “So while you can revoke, it’s likely something has caused widespread private key compromise.”

🚨 Widespread Solana private key compromise 🚨

– attacker is stealing both native tokens (SOL) and SPL tokens (USDC)- affecting wallets that have been inactive for >6 months- both Phantom & Slope wallets reportedly drained pic.twitter.com/AkZXOGLD0Q

— foobar (@0xfoobar) August 3, 2022

This is a developing story and will be updated as details emerge.

Stay on top of crypto news, get daily updates in your inbox.

Source link