Solana audit firm OtterSec claimed in a tweet that the Solana hack also affected Ethereum (ETH) users. The hack took place in the early hours of August 3 when hackers hijacked $8 million in funds from nearly 8,000 SOL “hot wallets” including Phantom, Slope and Trust Wallet. Here are the details…
Solana hacked: Team also warns ETH users
cryptocoin.com As we have also reported, Solana has been heavily attacked. More than 8,000 wallets have been seized so far. OtterSec noted that attackers used real keys to sign transactions. He said this also compromised private keys in Phantom, Slope, Solflare, and TrustWallet. There are also cases of SOL wallet issue affecting ETH users. However, ETH users are not widely affected.
There's also been evidence of this issue affecting ETH users, although it seems less widespread. https://t.co/RwEuI0xEhA
— OtterSec (@osec_io) August 3, 2022
Solana attack; It affects multiple wallets, including Phantom, Slope, Solflare, and TrustWallet. Users are asked to move assets to cold wallets or centralized exchanges. OtterSec referred to an Ethereum user who reported that the ERC-20 and USDC-SPL tokens held in both Slope and TrustWallet were depleted. It was also stated that the wallet was inactive for 40 days. PeckShieldAlert also confirmed that a user’s TrustWallet and Slope wallets were compromised on both SOL and Ethereum before Solana wallets were drained. The attackers transferred approximately $80 million worth of ERC-20 tokens to the Ethereum address.
#PeckShieldAlert Seems like before Solana Wallets got drained, a user's TrustWallet and Slope wallets have compromised on both Solana and Ethereum
~$80k (~7 $ETH, 42k $USDC, 12k $USDT, 6 $PAXG…) into exploiters' Ethereum address https://t.co/0AyJYL0j4P pic.twitter.com/EFuogwbQKZ— PeckShieldAlert (@PeckShieldAlert) August 3, 2022
What is the source of the problem?
The audit firm revealed that the transactions were signed by the real owners, that is, the private keys were compromised. Solana Labs and Phantom claim their networks are working fine. He doesn’t believe the problem is with the Solana network or the Phantom wallet. Meanwhile, SOL confirmed in its latest tweet that there is no evidence that hardware wallets have been compromised. Engineers, multiple security researchers, and ecosystem teams want to identify the root cause of the abuse. It’s working to monitor emptied wallets in Solana. Experts use the following expressions:
There is no evidence that hardware wallets are affected. Users are strongly advised to use hardware wallets. Do not reuse your seed phrase in a hardware wallet. Create a new seed phrase. Empty wallets should be treated as compromised.
There’s no evidence hardware wallets have been impacted – and users are strongly encouraged to use hardware wallets.
Do not reuse your seed phrase on a hardware wallet – create a new seed phrase.
Wallets drained should be treated as compromised, and abandoned.
— Solana Status (@SolanaStatus) August 3, 2022
SOL is urging affected users to complete the “Secure Wallet Data Collection” form to help engineers investigate the issue and find the root cause. Meanwhile, according to Solana validator Discord, a validator named Jito launched a DDOS attack on SOL RPC nodes to reduce the SOL steal rate from 1,000 per minute to 1 per minute. But the Twitter community is questioning the DDOS attack on the SOL network. Many claim that the attack will continue after the network is reopened. Meanwhile, Solana Labs co-founder Anatoly Yakovenko confirmed the iOS supply chain attack.
