The exact cause of the vulnerability is still unknown, causing panic in the Solana community.
Solana, a highly functional open source project that builds on the decentralized nature of Blockchain technology to provide decentralized finance (DeFi) solutions, suffered a multi-million dollar hack when horrified users noticed that their wallets had been emptied of all their funds.
The hacker successfully managed to steal around $6 million in a sweeping raid against users’ wallets.
The exact vector of the attack is unknown, and there is increasing speculation about the cause of the vulnerability.
Solana Hack: A Sudden Crisis
Solana ecosystem contributor @SolportTom was one of the first to raise the alarm about the exploit via Twitter, by posting that, “The transactions look like normal transfers, not transfers of a contract. This is throughout the ecosystem, people speculate that it has to do with a gambling service.”
While some users were quick to connect the hack to the Phantom wallet, the company quickly denied such claims.
“We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem,” said Phantom. “At this time, the team does not believe this is a Phantom-specific issue.”
Twitter user and crypto developer @0xfoobar had his own theory about the cause, linking the attack to widespread private key compromise. According to this source, both the Phantom and Slope wallets are affected, lending some credence to Phantom’s claims.
“The solution is to transfer assets to a wallet that has never exposed a private key to potentially vulnerable browser extensions,” said @0xfoobar. “That means hardware wallets, nothing else.”
@SolportTom added that, “Massive exploit/drain going on with Solana seeing it live in Taiyo tons of people losing their whole balance out of nowhere. Move everything to a ledger NOW.”
Send to a Cold Wallet and Revoke Access
In the absence of a firm explanation for the attack, Solana users have been advised to revoke access to everything and send all their crypto to a hardware wallet.
To eliminate the significant online attack vector, many opt to keep their keys offline at all times with cold wallets, which, unlike hot wallets, don’t connect to the Internet.
Previously, some cryptocurrency holders would keep a paper wallet: a printed piece of paper containing the wallet’s private key, usually in the form of a QR code. However, this is now seen as an outdated, risky security method.
Therefore, the best option for cold storage is definitely a hardware wallet, which aim to provide a better user experience while adopting a similar principle of keeping the private key offline. These are more portable, cheaper than a full PC, and custom-made for cryptocurrency storage.
For users without a hardware wallet, sending all funds to a centralized custodial exchange is an acceptable temporary solution. It does not provide full control of the user’s private keys. A third party (such as an exchange or custodial wallet service provider) will store the assets for the user. The crypto will only be as safe as the custodian keeps it. That’s why it’s important to choose a reliable exchange or service provider.
By Audy Castaneda