Users Still in the Dark Over $5m Theft From Blockchain Firm Solana

Threat actors have stolen over $5m from blockchain platform Solana, although the exact modus operandi is still being investigated.

The San Francisco-headquartered decentralized blockchain took to Twitter yesterday morning to confirm the incident, claiming that at the time 7767 wallets had been impacted, including Slope and Phantom users.

It asked affected users to fill in an online survey to help its engineers get to the bottom of what happened.

“Engineers are currently working with multiple security researchers and ecosystem teams to identify the root cause of the exploit, which is unknown at this time,” it said.

“There’s no evidence hardware wallets have been impacted – and users are strongly encouraged to use hardware wallets. Do not reuse your seed phrase on a hardware wallet – create a new seed phrase. Wallets drained should be treated as compromised, and abandoned.”

The firm claimed that engineers from several ecosystems are currently investigating the incident, with the help of multiple security firms.

Solana markets itself as “the fastest blockchain in the world” and the “fastest growing ecosystem in crypto,” with thousands of projects across DeFi, NFTs, Web3 and other initiatives.

"The Solana attack is just the latest in a recent series of attacks on crypto,” explained Pixel Privacy consumer privacy champion, Chris Hauk.

“Users will want to revoke any third-party permissions on their wallets until Solana and other affected exchanges fix the issues allowing these attacks. Investors should also move their cryptocurrencies out of hot wallets to cold wallets."

This incident is the latest in a long line of successful raids on cryptocurrency companies, several of which have been linked to state-backed actors.

These include the largest single theft of cryptocurrency ever recorded when North Korean hackers stole nearly $620m from Ethereum sidechain Ronin Network.

This just topped the $610m heist at Poly Network last August.

What’s Hot on Infosecurity Magazine?