A security vulnerability affecting the Solana ecosystem has reportedly led to the depletion of millions of funds in various Solana-based wallets.
At the time of writing, Solana (SOL) is currently trending on Twitter as are countless users reference about the hack as it unfolds or report losing money themselves, warning anyone with Solana-based hot wallets like Phantom and Slope wallets to move their money to cold wallets.
1. Many users claim to receive notifications that they are sending tokens to an unknown address
2. The common denominator is that they were all there @ghost wallets
— Solar Dex (@solar_dex) August 2, 2022
So far, both Phantom and Magic Eden have commented on the issue, with wallet provider Phantom noting that it’s working with other teams to get to the bottom of the issue, though it says it doesn’t “think it’s a specific issue for the Phantom’. at this stage.
We are working closely with other teams to understand a reported vulnerability in the Solana ecosystem. At this time, the team does not believe this is a Phantom-specific issue.
Once we gather more information, we will issue an update.
— Phantom (@phantom) August 3, 2022
Magic Eden confirmed The reports state that it “appears to be a widespread in-game SOL exploit that drains wallets across the ecosystem,” as it urged users to revoke permissions for any suspicious links on their Phantom wallets.
Twitter user @nftpeasant has been following the incident closely, and according to his research through Solscan, around $6 million has already been removed from Phantom wallets during a 10-minute period on August 2nd. In one instance a Phantom wallet is seen The user had $500,000 worth of USDC drained from their account.
— Matthew Graham (@mattysino) August 2, 2022
Popular fraud detective and self-described “on-chain sleuth” @zachxbt also did some digging and revealed to their 274,800 followers that the hackers originally funded the main wallet associated with this attack through Binance seven months ago.
Related: Solana-based stablecoin NIRV down 85% after $3.5M exploit
The transaction history shows that the wallet remained inactive until today before the hackers made transactions with four different wallets 10 minutes before the attack began.
— ZachXBT (@zachxbt) August 3, 2022
At this stage, it is unclear if the hack is ongoing, where it came from, and if more user money is still at risk. However, in response to @zachxbt’s post, @cryptojpeg noted that:
“Only 13 txn of which 3 of them are deposit solana txn and 1 is drain txn So basically one of those 9 txn made the wallet vulnerable to drain if not related to something else.”
Cointelegraph has reached out to Phantom for comment on the matter and will update the story if the company responds.