Ethereum Layer-1 competitor Solana has been facing a major exploit on its platform as per the latest reports. As per details, thousands of Phantom wallets have been compromised with the hackers stealing anywhere upwards of $6 million. There are more than 7000+ wallets affected, and also rising at 20/min.
Although the exact figures aren’t known this is just a random estimate from people familiar with the matter. For users holding their funds in the hot wallets of Phantom, the best thing would be to send funds to an exchange or move them to a hardware wallet.
In its recent update, Solana said that they have been monitoring the event. However, there’s no evidence of any hardware wallet being compromised. The official announcement notes:
Engineers from multiple ecosystems, with the help of several security firms, are investigating drained wallets on Solana. There is no evidence hardware wallets are impacted.
Phantom Investigating the Matter, SOL Tanks 4%
Phantom, the Solana-based wallet for DeFi and NFTs has been investigating the matter. Besides, they have said that the exploit issue doesn’t seem specific to Phantom. In its official announcement, Phantom noted:
We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem. At this time, the team does not believe this is a Phantom-specific issue. As soon as we gather more information, we will issue an update.
Over the last year, the Solana blockchain network has been facing multiple exploits. This has hit Solana’s reputation to an extent. Following the recent exploit, Solana’s native cryptocurrency SOL has come under pressure. As of press time, SOL is trading 3% down at a price of $30.09 with a market cap of $13.5 billion.
Ava Labs founder Emin Gun Sirer shared his opinion on the nature of the wallet exploits. He noted:
One possible route is a “supply chain attack” where a JS library is hacked, and it exfiltrates (steals) users’ private keys. Affected wallets seem to have been created in the last ~9 months, but there are reports of freshly created wallets also being affected.
A lot of people have suggested abouta faulty random number generator. This seems really anachronistic. 10 years ago, maybe. But we now know what not to do during private key generation. So I would be shocked if the hacker was “cracking” the keys because of lack of entropy.